uv
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Tags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill uses commands such as 'uv add', 'uv sync', and 'uv tool install' that download software from the Python Package Index (PyPI). This introduces the risk that a malicious package is installed through typosquatting or dependency confusion.
- REMOTE_CODE_EXECUTION (MEDIUM): 'uvx' and 'uv run' execute code fetched from external sources. This is a remote code execution vector if package names are manipulated or a registry is compromised.
- PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection through external configuration files. Ingestion points: Reads 'pyproject.toml' for dependencies and '.env' for environment variables. Boundary markers: None identified in the skill instructions; the agent may execute instructions embedded in these files. Capability inventory: Provides 'uv run' for script execution and 'uv publish' for network access. Sanitization: No validation of file content or package names is specified.
Audit Metadata