python-project

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
  • REMOTE_CODE_EXECUTION (HIGH): The reference documentation contains instructions for downloading and executing remote scripts in a single command, which bypasses manual inspection of the code before execution.
      • Evidence: curl -LsSf https://astral.sh/uv/install.sh | sh found in references/uv-commands.md.
      • Evidence: powershell -ExecutionPolicy ByPass -c "irm https://astral.sh/uv/install.ps1 | iex" found in references/uv-commands.md.
      • Note: Although these commands target the official astral.sh domain, these patterns are high-severity indicators of potential supply chain or command injection vulnerabilities.
  • COMMAND_EXECUTION (HIGH): The provided PowerShell command explicitly bypasses the local execution policy to run remote scripts.
      • Evidence: Use of -ExecutionPolicy ByPass in references/uv-commands.md.
  • DYNAMIC_EXECUTION (LOW): The initialization script dynamically generates Python source files and directory structures at runtime.
      • Evidence: scripts/init-project.sh uses cat and touch to create app.py, main.py, and Jinja2 templates. This is standard for project scaffolding but qualifies as dynamic code generation from a security-posture standpoint.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 06:04 PM