python-venv
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Contains instructions for fetching the 'uv' package manager from its official distribution site (astral.sh) to assist with environment setup and dependency management.
- [COMMAND_EXECUTION]: Outlines various system commands for environment lifecycle management, including environment creation, activation, and a recommendation to set the PowerShell execution policy to 'RemoteSigned' for local script compatibility.
- [PROMPT_INJECTION]: Identifies a surface for indirect prompt injection as the skill instructs the agent to process and act upon the contents of project-specific configuration files.
- Ingestion points: 'requirements.txt', 'pyproject.toml', 'setup.py', 'Pipfile', and 'environment.yml' located in the project directory.
- Boundary markers: None; the skill assumes the presence of these files dictates the environment workflow.
- Capability inventory: Employs subprocess execution for 'pip', 'uv', 'poetry', 'conda', 'python', and file system cleanup ('rm -rf').
- Sanitization: No explicit validation or sanitization of the data within the project configuration files is described before they are passed to the underlying tools.
Audit Metadata