uv-python-manager
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Tags: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [Remote Code Execution] (HIGH): The skill is designed to run arbitrary Python scripts using 'uv run'. This capability can be leveraged to execute malicious code on the host system if the agent is prompted to run an untrusted file.
- [External Downloads] (MEDIUM): The 'uv add' command facilitates the installation of third-party packages from external registries. This introduces risks such as typosquatting or the installation of compromised dependencies, which can execute code during the installation process (e.g., via setup.py).
- [Indirect Prompt Injection] (HIGH): The skill lacks input sanitization or boundary markers when processing user-provided package names or script paths.
  - Ingestion points: User requests and potentially local project files.
  - Boundary markers: None identified in the prompt instructions.
  - Capability inventory: Shell command execution, network access (PyPI), and file system modification.
  - Sanitization: No validation or filtering is performed on the arguments passed to 'uv'.
- [Command Execution] (MEDIUM): The skill constructs shell commands dynamically based on natural language input. Without strict validation of the generated command strings, there is a risk of command injection through specially crafted user inputs.
Recommendations
- AI detected serious security threats
Audit Metadata