Skills
skills/curiouslearner/devkit/python-venv-manager/Gen Agent Trust Hub

python-venv-manager

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION] (CRITICAL): The skill uses piped commands (curl | python3 and curl | bash) to execute scripts directly from https://install.python-poetry.org and https://pyenv.run. This pattern bypasses security validation and allows for arbitrary code execution from remote sources.
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill attempts to download resources from domains (python-poetry.org and pyenv.run) that are not included in the list of trusted external sources, posing a supply chain risk.
Recommendations
  • HIGH: Downloads and executes remote code from: https://pyenv.run, https://install.python-poetry.org - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 17, 2026, 06:18 PM