uv
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documents the installation of Python packages and tools from PyPI using commands such as
uv add,uv pip install, anduvx. This functionality is the primary purpose of the tool and is managed by a trusted vendor. - [COMMAND_EXECUTION]: Provides guidance on executing Python scripts and CLI tools using
uv runanduvx. This allows the agent to interact with the project environment as intended. - [PROMPT_INJECTION]: Ingestion points: The skill analyzes local files including
pyproject.toml,uv.lock, andrequirements.txtto determine the appropriate workflow. Boundary markers: No explicit markers are defined for these configuration files. Capability inventory: Includes the ability to install packages and execute commands within the environment. Sanitization: No specific validation of configuration file content is mentioned. The skill proactively warns about the safety of running third-party tools viauvx.
Audit Metadata