python-uv-acceleration
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
Tags: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [Remote Code Execution] (CRITICAL): The skill instructs the agent to install software by piping remote scripts directly to a shell interpreter. This allows for arbitrary code execution from a non-whitelisted source.
  - Evidence in SKILL.md: the commands curl -LsSf https://astral.sh/uv/install.sh | sh and powershell -c "irm https://astral.sh/uv/install.ps1 | iex".
  - Evidence in references/uv-commands.md: Identical installation commands repeated.
  - Context: The domain astral.sh is not included in the 'Trusted GitHub Organizations' or 'Trusted GitHub Repositories' list provided in the security policy.
- [Indirect Prompt Injection] (LOW): The skill is designed to process external, potentially untrusted project files which could contain malicious instructions or malformed dependency definitions.
  - Ingestion points: The skill reads requirements.txt, pyproject.toml, and .py files from the project directory (SKILL.md).
  - Boundary markers: Absent. There are no instructions to the agent to ignore or sanitize content within these files.
  - Capability inventory: The skill uses uv pip install, which involves network operations and file system modifications based on the content of the ingested files.
  - Sanitization: Absent. The agent is encouraged to execute commands directly using the names/paths found in the ingested files.
Recommendations
- HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata