uv

Fail

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: HIGH
Categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: Provides instructions for installing the uv tool using official shell and PowerShell scripts from astral.sh. These are standard installation patterns for this well-known utility.
  • [EXTERNAL_DOWNLOADS]: Fetches installation scripts and references documentation from astral.sh, the official provider for the uv tool.
  • [COMMAND_EXECUTION]: Uses uv run, uv sync, and uv add to manage environments and execute code. These commands operate within the local project environment.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it processes data from external project files.
      • Ingestion points: The skill reads and acts upon uv.lock, pyproject.toml, and requirements.txt files (referenced in SKILL.md).
      • Boundary markers: No specific delimiters or instructions to ignore embedded commands within these files are provided.
      • Capability inventory: The skill can execute arbitrary commands via uv run and install new dependencies via uv add based on project context.
      • Sanitization: There is no evidence of sanitization or validation of the content within the configuration files before they are processed by the agent.
Recommendations
  • HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 27, 2026, 03:58 PM