python-packaging
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill contains no malicious patterns, prompt injections, or unauthorized data access commands. It functions purely as a set of instructions and templates for Python developers.
- [EXTERNAL_DOWNLOADS]: References to external packages and tools (e.g., requests, click, uv, hatchling) involve well-known and reputable software in the Python ecosystem. These are documented for project setup and do not involve untrusted remote code execution.
- [CREDENTIALS_UNSAFE]: The skill demonstrates the correct use of GitHub Secrets for managing authentication tokens (e.g., UV_PUBLISH_TOKEN: ${{ secrets.PYPI_TOKEN }}), which is the recommended practice for secure CI/CD pipelines.
- [COMMAND_EXECUTION]: The shell commands provided (e.g., uv build, uv publish) are standard for the intended task of package management and are safe when used in the context of the user's own project.
Audit Metadata