python-venv-management

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The skill instructs the agent to execute system-level commands that modify the PowerShell execution policy using Set-ExecutionPolicy -ExecutionPolicy RemoteSigned. This changes the operating system's security posture and may allow other malicious scripts already present on the system to run.
  • [REMOTE_CODE_EXECUTION] (LOW): The skill frequently uses pip install commands. While standard for Python development, this allows for the download and execution of arbitrary code from external registries (PyPI). The severity is LOW as this is core to the skill's stated purpose.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect injection via untrusted project files.
      ◦ Ingestion points: The skill reads requirements.txt and package names from the project environment.
      ◦ Boundary markers: Absent. The skill does not implement delimiters or warnings when interpolating file content into terminal commands.
      ◦ Capability inventory: Subprocess execution of python, pip, and shell scripts (.venv/bin/activate).
      ◦ Sanitization: None detected. The skill directly executes commands based on local file content.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 17, 2026, 06:57 PM