poetry-uv-advisor
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE NO_CODE
Full Analysis
- Indirect Prompt Injection (SAFE): The skill defines an interface for analyzing Python projects, which creates a data ingestion surface.
  1. Ingestion points: The project_path input allows the agent to read files such as pyproject.toml or requirements.txt.
  2. Boundary markers: No delimiters or ignore-instructions are specified in the metadata.
  3. Capability inventory: The skill specifies capabilities for analysis and tool integration but provides no implementation code or scripts.
  4. Sanitization: Not applicable as no processing logic is provided.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file paths, or network operations were found.
- Remote Code Execution (SAFE): No external downloads or script execution patterns are present in the provided skill files.
- Metadata Poisoning (SAFE): The metadata fields (name, description) are consistent with the stated purpose and contain no malicious instructions.
Audit Metadata