python-packaging
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides standard documentation and configuration templates for Python project management using the
uvtool. All commands, such asuv init,uv add, anduv publish, represent legitimate development workflows. - [SAFE]: The GitHub Actions workflows in
ci-cd-integration.mduse official and trusted actions (actions/checkout,astral-sh/setup-uv). Sensitive information like the PyPI token is handled correctly through GitHub Secrets (${{ secrets.PYPI_TOKEN }}). - [SAFE]: All referenced Python packages (e.g.,
requests,click,ruff,mypy,hatchling) are well-known, widely-used, and legitimate libraries in the Python ecosystem. - [SAFE]: No instances of prompt injection, data exfiltration, or persistence mechanisms were found. The skill does not perform any network operations to unknown or suspicious domains.
Audit Metadata