modern-python
Fail
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: Fetches and executes the uv installation script from astral.sh, which is the official domain for the well-known Astral technology company.
- [COMMAND_EXECUTION]: The skill instructions require the agent to use the Bash tool for project setup, dependency management, and tool execution (e.g., uv run, uv add).
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it directs the agent to ingest and act upon data from external configuration files. 1. Ingestion points: The agent reads requirements.txt during migration and pyproject.toml during standard development workflows. 2. Boundary markers: No boundary markers or instructions to ignore embedded logic are specified for the processing of these files. 3. Capability inventory: The agent has access to the Bash tool, allowing it to execute arbitrary commands or install packages based on file content. 4. Sanitization: No sanitization or validation logic is defined to check the contents of the configuration files before they are used in command-line operations.
Recommendations
- HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
Audit Metadata