uv-package-manager
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The documentation in resources/implementation-playbook.md provides links to download the uv installer from astral.sh and references the official GitHub repository at github.com/astral-sh/uv. It also includes Dockerfile examples that pull images from ghcr.io/astral-sh/uv.
- [REMOTE_CODE_EXECUTION]: The skill includes instructions for the official uv installation method which utilizes pipe-to-shell patterns (curl -LsSf ... | sh) and PowerShell's iex for remote script execution. These are standard procedures for installing this developer tool and originate from a well-known vendor.
- [COMMAND_EXECUTION]: The skill provides numerous examples of system command execution via the uv CLI for initializing projects, managing dependencies, and controlling virtual environments.
Audit Metadata