uv-package-manager
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (HIGH): The file `installation-setup.md` recommends `curl -LsSf https://astral.sh/uv/install.sh | sh`. This is a 'piped remote execution' pattern. Although `astral.sh` is the official domain for Astral Software, it is not on the pre-approved Trusted Organizations list, making this a high-risk recommendation for an automated agent.
- Unverifiable Dependencies & Remote Code Execution (HIGH): The file `installation-setup.md` also suggests `powershell -c "irm https://astral.sh/uv/install.ps1 | iex"`. This is the Windows equivalent of piping a remote script to a shell (Invoke-Expression), presenting the same high risk.
- External Downloads (MEDIUM): The skill directs the agent to download and install various Python interpreters and packages from external sources like `astral.sh` and `pypi.org`, which are outside the trusted scope defined for this analysis.
- Persistence Mechanisms (LOW): The file `installation-setup.md` instructs the user to modify shell configuration files (`~/.bashrc`, `~/.zshrc`) to include uv in the system PATH, which is a common persistence vector for CLI tools.
- Indirect Prompt Injection (LOW): The skill possesses a vulnerability surface for indirect prompt injection.
  - Ingestion points: Reads and processes `pyproject.toml`, `requirements.txt`, and `.python-version` files.
  - Boundary markers: None present; the agent treats file contents as trusted configuration.
  - Capability inventory: Bash, Write, Edit, Grep, Glob.
  - Sanitization: None detected. Malicious instructions placed in a processed `requirements.txt` could potentially manipulate the agent's command-line operations.
Recommendations
- AI detected serious security threats
Audit Metadata