uv-ruff-python-tools
Fail
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: HIGH
Tags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation and instructions reference official installers and assets from astral.sh and github.com/astral-sh. These are the tool vendor's own distribution points and are well known in the Python ecosystem; the concern is not the publisher but that the referenced installer URL serves whatever the server currently returns rather than a pinned release, and the skill fetches and runs it at install time.
- [REMOTE_CODE_EXECUTION]: Installation instructions include piping remote scripts directly to the shell (curl | sh) and using PowerShell's iex to execute a downloaded script. Both patterns run whatever the server returns at that moment with no opportunity to review the script first, and a pipe-to-shell invocation begins executing before the download has finished, so a truncated or tampered response can run partially. TLS protects the transfer in transit, not against a compromised or mis-served origin. The targets are the official Astral distribution points, which lowers the likelihood but not the impact.
- [COMMAND_EXECUTION]: The skill routinely runs shell commands to manage Python environments, install dependencies, and run code analysis tools. This includes powershell -ExecutionPolicy ByPass for the Windows installation, which is the vendor's documented method. PowerShell's execution policy is a safety feature against unintentional script execution rather than a security boundary, so the flag is low impact on its own, but an agent permitted to pass it can run any script it has downloaded.
- [PROMPT_INJECTION]: The skill is exposed to indirect prompt injection because untrusted data is interpolated into shell command strings without sanitization: text an attacker controls (a file name, a dependency name, content in a project the agent is asked to work on) can reach the shell as part of a command.
- Ingestion points: CLI arguments and file paths supplied by the user or read from the workspace (e.g., in uv add, uv init, and ruff check) are inserted directly into command strings, so shell metacharacters such as ;, |, $( ) and backticks in those values are interpreted by the shell.
- Boundary markers: There are no protective markers or instructions that separate untrusted input from the command logic.
- Capability inventory: The agent can spawn subprocesses for the uv and ruff binaries; uv in particular installs and runs arbitrary packages, so a crafted argument becomes code execution on the host.
- Sanitization: The instructions give no rules for validating user-provided strings (allow-listing dependency specs, confining paths to the project) or for passing them to the tools as an argument list instead of a shell string.
Recommendations
- HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review. At minimum, fetch the installer to disk, read it, and run the saved copy instead of piping it into a shell, and prefer a pinned release over the unversioned script.
- HIGH: Pass user- and workspace-derived values (dependency specs, paths) to uv and ruff as an argument list with no shell, after validating them against an allow-list and confining paths to the project, rather than interpolating them into a command string.
Audit Metadata