lyxy-runner-python
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the execution of Python scripts by constructing and running shell commands via the uv tool.
- [EXTERNAL_DOWNLOADS]: The skill uses uv's --with flag to dynamically download and install required packages from PyPI. It also references official installation scripts from astral.sh, a well-known service in the Python ecosystem.
- [REMOTE_CODE_EXECUTION]: The primary function of the skill is to generate and execute Python scripts, which is the intended and documented behavior for this utility.
- [PROMPT_INJECTION]: The skill acts as an execution engine for LLM-generated code, presenting an indirect prompt injection surface. Ingestion points: User-provided instructions for script generation (SKILL.md). Boundary markers: None identified. Capability inventory: Local file writing (scripts/get_temp_path.py) and shell command execution via uv run. Sanitization: No specific sanitization or validation of the generated code is described before execution.
Audit Metadata