uv-troubleshooting
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references the official uv installation script from 'astral.sh'. This is a well-known service, and the script is the standard method for installing the tool.
- [COMMAND_EXECUTION]: The skill makes extensive use of the Bash tool to execute uv commands for diagnostic purposes, such as 'uv sync', 'uv lock', and 'uv cache clean'. These are expected behaviors for a troubleshooting utility.
- [PROMPT_INJECTION]: The skill uses shell commands that incorporate package names provided by the user (e.g., 'uv add package-name'). This is documented as a surface for potential indirect prompt injection, though it remains within the intended scope of a package management troubleshooting tool.
Audit Metadata