pypi-doppler
Fail
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Mentions the installation of the uv package manager from astral.sh, which is a well-known service in the Python community. The reference is used for legitimate development environment setup.
- [COMMAND_EXECUTION]: Executes uv and doppler command-line tools to build packages and retrieve publishing credentials. This is required for the skill's core functionality.
- [DATA_EXFILTRATION]: Performs network requests to pypi.org, a well-known service, to verify package publication status. No sensitive local data is sent to untrusted domains.
- [REMOTE_CODE_EXECUTION]: Includes instructions and suggested commands for installing uv via a remote script from its official and well-known source.
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface through the parsing of project configuration files.
  - Ingestion points: The scripts/publish-to-pypi.sh script extracts metadata from the local pyproject.toml file.
  - Boundary markers: No specific delimiters or safety instructions are used to separate file content from the script logic.
  - Capability inventory: The script has permissions for file system operations, network access via curl, and subprocess execution for publishing tools.
  - Sanitization: Extracted metadata is used within double-quoted shell strings, but the script does not perform strict validation of the configuration file's content.
Recommendations
- HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review