upgrade-python-deps
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill is authorized to run `make test`. This allows the execution of arbitrary shell commands defined within a project's Makefile, providing a direct path for local code execution if the environment or Makefile is compromised.
- [INDIRECT_PROMPT_INJECTION] (HIGH): The skill processes output from external package managers (`uv`) and test suites (`make test`, `mypy`). It possesses high-impact capabilities including code execution and file commits (`/commit`). Malicious content in package metadata, version strings, or error messages from compromised dependencies could influence the agent to perform unauthorized actions during its summary or commit phases.
- [EXTERNAL_DOWNLOADS] (LOW): The skill uses `uv lock --upgrade` and `uv sync` to fetch packages from external registries. While these typically target trusted sources like PyPI, the act of fetching and installing unpinned or upgraded third-party code is a known supply-chain risk.
- [REMOTE_CODE_EXECUTION] (MEDIUM): Dependency installation via `uv sync` involves downloading and potentially executing code (e.g., during build steps or via entry points) from remote sources.
Recommendations
- AI detected serious security threats
Audit Metadata