python-uv-project-setup
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- PROMPT_INJECTION (SAFE): No malicious instructions or bypass attempts detected. The 'Non-Negotiable Rules' and 'Red Flags' are instructional constraints for developer tool consistency, not safety bypasses.
- DATA_EXFILTRATION (SAFE): No network operations, hardcoded credentials, or sensitive file access patterns identified.
- EXTERNAL_DOWNLOADS (SAFE): The skill references standard Python packages as examples (loguru, fastapi, etc.). These are legitimate dependencies and do not represent a security risk within this context.
- COMMAND_EXECUTION (SAFE): While the skill involves executing commands like `uv run` and `uv add`, these are standard operations for a package manager and are not used maliciously here.
- INDIRECT_PROMPT_INJECTION (LOW): As a developer tool, there is an inherent surface for the agent to install packages based on user requests, but this skill does not include any unsafe interpolation of untrusted data into command strings.
Audit Metadata