python-best-practices

Warn

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • Unverifiable Dependencies & Remote Code Execution (MEDIUM): The skill recommends installing and running the 'ty' package from an external registry using 'uv tool install ty' and 'uvx ty check'. Evidence: Found in SKILL.md under the 'Optional: ty' section. Risk: The tool provider (Astral) is not listed in the trusted organizations, and the tool is downloaded/executed without version pinning, making it unverifiable.
  • Indirect Prompt Injection (LOW): The skill is designed to process untrusted Python code files, presenting an injection surface. Evidence: File ingestion is specified in the SKILL.md metadata. Mandatory Evidence:
      1. Ingestion points: Reads and writes workspace Python files.
      2. Boundary markers: Absent; no instructions to ignore commands within code comments.
      3. Capability inventory: Reading and writing files.
      4. Sanitization: Absent; no mention of escaping or validating file content before processing.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 19, 2026, 12:19 PM