setup-python

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION] (CRITICAL): The skill instructs the agent to execute curl -LsSf https://astral.sh/uv/install.sh | sh. Piped remote execution is a high-risk pattern because the content of the script can be changed by the host at any time to include malicious payloads.
      • Evidence: Found in SKILL.md (Troubleshooting section) and references/DETAILED-WORKFLOW.md (Step 1).
      • Source Status: astral.sh is not on the Trusted External Sources list.
  • [COMMAND_EXECUTION] (HIGH): The skill performs extensive shell command execution, including environment modification, tool installation, and running test suites, which can be leveraged if combined with malicious local files.
      • Evidence: Use of uv pip install, ruff check, pytest, and make all across both files.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill downloads multiple external resources beyond the primary UV installer, including pre-commit hooks and Python versions.
      • Evidence: uv python install 3.12 and pre-commit configuration in references/DETAILED-WORKFLOW.md (Step 10).
  • [INDIRECT PROMPT INJECTION] (HIGH): The skill has a significant attack surface, as it processes untrusted data from local project files while maintaining full command execution capabilities.
      • Ingestion points: Reads pyproject.toml, requirements.txt, and .pre-commit-config.yaml (File: references/DETAILED-WORKFLOW.md).
      • Boundary markers: Absent. The skill treats the content of these files as trusted configuration.
      • Capability inventory: Full shell access, dependency installation, and execution of local binaries via pytest and make (File: references/DETAILED-WORKFLOW.md).
      • Sanitization: Absent. No validation or filtering of the content inside the ingested configuration files before they influence shell commands.
Recommendations
  • CRITICAL: Downloads and executes remote code from untrusted source(s): https://astral.sh/uv/install.sh - DO NOT USE
  • AI detected serious security threats
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Feb 17, 2026, 08:00 AM