uv-tool-management
Warn
Audited by Snyk on Feb 24, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow explicitly instructs running uvx/uv tool install commands that fetch and execute code and data from public third‑party sources (e.g., "uvx --from git+https://github.com/httpie/cli httpie", "uvx httpie https://api.github.com", and "uv tool install git+https://github.com/user/tool"), so the agent would ingest untrusted, user‑provided web/package content that could influence subsequent actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill's Requirements explicitly instruct installing uv via "curl -LsSf https://astral.sh/uv/install.sh | sh", which fetches and immediately executes remote code as part of setup and is required for the skill to run.