python-packaging

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, NO_CODE)
Full Analysis
  • EXTERNAL_DOWNLOADS (HIGH): Automated scanner URLite identified a blacklisted URL within the MANIFEST.in file. Manifest files are used to define files included in a package distribution and can be exploited to reference or fetch malicious resources from external servers.
  • REMOTE_CODE_EXECUTION (HIGH): Packaging configuration files that include malicious URLs are a common vector for remote code execution, as the content behind these URLs may be fetched and executed during the skill's installation or update phase.
  • NO_CODE (LOW): No source code or executable scripts were provided for analysis beyond the manifest alert. This lack of functional code prevents a comprehensive behavioral audit, although the presence of a blacklisted URL in the metadata is sufficient for a high-severity warning.
Recommendations
  • AI detected serious security threats
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 08:49 AM