python-expert
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download and install the
uvpackage manager from its official source atastral.sh(Astral Software). This is a well-known service used for Python dependency management. - [COMMAND_EXECUTION]: Guidance is provided for executing Python scripts, managing virtual environments, and running CLI utilities using the
uv runanddjango-admincommands. - [REMOTE_CODE_EXECUTION]: Examples include a pattern for installing the
uvtool via a shell script piped from a remote URL. As the source is the official domain for the tool, this is considered a standard and safe installation procedure. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it processes user-supplied code and data (such as CSV files) while suggesting the use of tools with network and file system access. This is a common characteristic for coding assistance skills and is mitigated by the skill's own instructions to prioritize secure configuration through environment variables rather than hardcoded secrets.
Audit Metadata