python-venv-manager
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest and analyze untrusted project files which serves as a potential vector for indirect prompt injection. * Ingestion points: Files located within the user-provided 'project_path' (e.g., requirements.txt, pyproject.toml). * Boundary markers: None specified in the provided documentation to differentiate data from instructions. * Capability inventory: Documentation implies the execution of system commands for environment management (venv, virtualenv, conda). * Sanitization: No evidence of input validation or content sanitization is present in the analyzed files.
- [No Code] (SAFE): The provided files (SKILL.md and skill.yaml) contain only configuration and descriptive text; no actual implementation scripts (Python, Node.js, or Shell) were included for analysis.
Audit Metadata