python-project
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill references standard development commands such as
uv sync,uv run pytest, andruff check. These are part of a legitimate Python toolchain and do not involve arbitrary or dangerous command execution. - [EXTERNAL_DOWNLOADS]: The skill uses
uvfor dependency synchronization and package management. These operations target standard package registries and are consistent with the skill's primary purpose of managing Python projects. - [PROMPT_INJECTION]: The instructions contain strong emphasis markers (e.g., 'MUST be consulted', 'NEVER use python') to ensure adherence to standards. These are instructional in nature and do not attempt to bypass safety filters or override system-level instructions.
- [DATA_EXFILTRATION]: Code examples include placeholders for API endpoints (e.g.,
https://api.example.com). No sensitive file access or unauthorized network transmissions were found. - [DYNAMIC_EXECUTION]: The skill explicitly discourages unsafe dynamic patterns like
getattrorsetattr. It usesimportlib.resources.files()for static package resource access, which is a secure best practice.
Audit Metadata