Skills
skills/rory-data/copilot/python-conventions/Gen Agent Trust Hub

python-conventions

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION] (MEDIUM): Surface for indirect prompt injection exists during code reviews or refactoring. Ingestion points: Untrusted Python source code and PR descriptions. Boundary markers: None. Capability inventory: Command execution and package management via uv run, uv add, and uv sync. Sanitization: None.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): Recommends unverified or hallucinated tools 'ty' and 'prek'. The link provided for 'ty' (https://docs.astral.sh/ty/) is non-existent, and recommending obscure tools increases supply chain risk.
  • [COMMAND_EXECUTION] (LOW): Encourages environment-altering commands like uv run and uv sync which are standard but involve executing local scripts and managing project dependencies.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 16, 2026, 12:36 PM