py-modernize
Audited by Socket on Mar 2, 2026
1 alert found:
Malware: The document is an operational guide to migrate Python projects to use the uv tool and modernize syntax to Python 3.13+. It contains no direct malicious code or explicit credential harvesting logic. However, it does include high-risk supply-chain patterns: a curl|sh installer example, reliance on a third-party CLI (uv) for environment creation and package installation, and a third-party GitHub Action. These patterns elevate supply-chain risk because they allow arbitrary code execution during install and in CI.

Recommended mitigations: avoid or discourage curl|sh installs, prefer official distribution channels or pinned releases, review the uv installer and GitHub Action source before adopting, avoid global installs in automation, and run install steps in isolated CI containers with least privilege.

Overall this skill should be considered a supply-chain-risk guidance document (not directly malicious), with medium security risk due to the download-execute and third-party tooling recommendations.