uv-scripts
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill documentation describes how to use the `uv run` command to execute Python scripts. This is the primary intended functionality of the skill and aligns with the purpose of the 'uv' tool.
- EXTERNAL_DOWNLOADS (SAFE): The skill demonstrates how to include Python dependencies (e.g., `requests`, `rich`). While this involves downloading packages from the internet (typically PyPI), it uses standard toolchains and represents expected developer workflows.
- INDIRECT_PROMPT_INJECTION (LOW): The skill enables an agent to execute Python code, which creates a surface for indirect prompt injection if the agent is instructed to run code derived from untrusted user input.
  - Ingestion points: Python script files (`script.py`) and standard input (`uv run -`).
  - Boundary markers: None explicitly defined in the documentation examples.
  - Capability inventory: Arbitrary Python code execution, network access (via packages like `requests`), and file system interaction.
  - Sanitization: The skill is a documentation resource and does not implement its own sanitization logic; it relies on the underlying agent environment's security controls.
Audit Metadata