python-env
Fail
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: HIGH
Tags: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- Remote Code Execution (HIGH): The compatibility section in SKILL.md instructs users to install uv using 'curl -LsSf https://astral.sh/uv/install.sh | sh'. This method downloads and executes a script from an untrusted source (astral.sh is not in the trusted organizations list) directly in the shell environment.
- Indirect Prompt Injection (LOW): The skill allows the agent to install arbitrary packages via uv pip install, creating a surface for injection if an attacker can control the package names.
- Ingestion points: Package names provided to 'uv pip install' or within a 'pyproject.toml' file.
- Boundary markers: Absent; there are no instructions to verify package integrity or restrict sources.
- Capability inventory: The skill utilizes the Bash tool to install and execute Python code.
- Sanitization: Absent; the skill does not validate or sanitize package names before execution.
Recommendations
- HIGH: Downloads and executes remote code from https://astral.sh/uv/install.sh. DO NOT USE without thorough review.
- AI detected serious security threats
Audit Metadata