Skills
skills/sumik5/sumik-claude-plugin/developing-python/Gen Agent Trust Hub

developing-python

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The guide includes references to downloading installation scripts for development tools from well-known sources.
  • Documentation mentions fetching the uv package manager installation script from astral.sh (INSTRUCTIONS.md, references/TOOLING.md).
  • Documentation mentions fetching the mise tool manager installation script from mise.run (references/TOOLING.md).
  • [REMOTE_CODE_EXECUTION]: The skill provides instructions for piped remote execution of installation scripts for developer utilities.
  • The guide suggests using curl | sh to install uv and mise, which are established industry-standard procedures for these specific well-known tools.
  • [PROMPT_INJECTION]: There is an identified vulnerability surface for indirect prompt injection due to the skill's operational triggers.
  • Ingestion points: The skill is configured to activate upon detecting user-controlled configuration files like pyproject.toml or requirements.txt (SKILL.md).
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are specified for processing these configuration files.
  • Capability inventory: The skill facilitates execution or suggestion of multiple commands, including uv run, docker build, and pytest (INSTRUCTIONS.md, references/TOOLING.md).
  • Sanitization: No sanitization or schema validation for the content of processed configuration files is described.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 6, 2026, 02:12 PM