python-project

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICAL | REMOTE_CODE_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
  • REMOTE_CODE_EXECUTION (CRITICAL): Detected in reference/tech-stack.md. The command curl -LsSf https://astral.sh/uv/install.sh | sh executes a remote script without verification. According to security guidelines, piped remote execution from non-whitelisted sources is classified as CRITICAL.
  • EXTERNAL_DOWNLOADS (LOW): The project documentation recommends downloading and installing tools from astral.sh. As this domain is not within the Trusted External Sources scope, the action is flagged for potential supply chain risk.
Recommendations
  • HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Feb 17, 2026, 06:11 PM