uv-ci-cd-integration
Warn
Audited by Snyk on Feb 24, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly fetches and executes public web content (e.g., SKILL.md Quick Start's curl to https://docs.astral.sh/uv/guides/integration/github/ and multiple CI steps that run curl -LsSf https://astral.sh/uv/install.sh | sh), so the agent would read/ingest third‑party public site content that can change installation and runtime behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill includes runtime commands that fetch and execute remote installer code (e.g., "curl -LsSf https://astral.sh/uv/install.sh | sh"), which runs arbitrary remote code and is relied on to install the required uv tool.