python-uv
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill functions as a best-practice guide for the uv package manager and modern Python ecosystem tools. All code snippets are standard implementation patterns for the referenced libraries.
- [EXTERNAL_DOWNLOADS]: The skill references the official
ghcr.io/astral-sh/uvDocker images and theastral-sh/setup-uvGitHub Action. These are well-known, trusted sources for the uv toolchain. - [COMMAND_EXECUTION]: Documentation includes standard uv CLI commands such as
uv run,uv sync, anduv lock. These are essential for the tool's intended purpose and are used according to official documentation. - [CREDENTIALS_UNSAFE]: Code examples for environment configuration and package publishing use environment variables (e.g.,
$PYPI_TOKEN) or obvious documentation placeholders. No actual credentials or sensitive keys are hardcoded.
Audit Metadata