python-project-creator
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE
Categories: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses instructional constraints (e.g., specifying tool preferences like 'uv') to ensure development consistency, which is benign instructional behavior.
- [EXTERNAL_DOWNLOADS]: Recommends the installation of reputable and well-known Python packages such as FastAPI, Pandas, and Pytest from the official PyPI registry.
- [COMMAND_EXECUTION]: Performs routine system operations including directory creation, virtual environment management, and git initialization to set up the development environment.
- [PROMPT_INJECTION]: The skill defines a surface for indirect prompt injection by processing user-provided project names and dependency lists.
  - Ingestion points: User input for project metadata and package requirements (defined in SKILL.md).
  - Boundary markers: No explicit delimiters or warnings for user content are provided.
  - Capability inventory: Execution of shell commands for project structure and package management.
  - Sanitization: No sanitization of user-provided strings is described.
Audit Metadata