python-packaging-uv
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [Prompt Injection] (SAFE): No override instructions or bypass attempts were detected.
- [Data Exposure & Exfiltration] (SAFE): The skill uses environment variable placeholders for tokens ($PYPI_TOKEN) which is the recommended practice for CLI tools. No hardcoded secrets or unauthorized data exfiltration paths were identified.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The instructions rely on standard 'uv' commands and do not involve downloading or executing scripts from untrusted remote sources.
- [Indirect Prompt Injection] (SAFE): The skill provides a command reference for local development and does not process external untrusted data in a way that triggers side-effect capabilities.
Audit Metadata