python-uv
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill instructs the agent to use `uv run` and `uv add`, which involve subprocess execution. While standard for Python development, this capability allows for the execution of untrusted code if the script or package is malicious.
- [EXTERNAL_DOWNLOADS] (LOW): The skill encourages downloading packages from external registries via `uv`. This carries inherent risks such as dependency confusion or the installation of malicious third-party packages.
- [INDIRECT PROMPT INJECTION] (MEDIUM): The skill defines an attack surface by instructing the agent to parse and act upon PEP 723 inline script metadata.
  - Ingestion points: Python script comment blocks (`# /// script`).
  - Boundary markers: Absent.
  - Capability inventory: `uv run`, `uv add`, `uv sync` (subprocess execution, network access, file system modification).
  - Sanitization: Absent.
  An attacker could use these metadata blocks to force the agent to install and execute malicious dependencies when running a script.
Audit Metadata