pypi-doppler
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The script `scripts/publish-to-pypi.sh` and the main `SKILL.md` contain instructions to install the `uv` tool using `curl -LsSf https://astral.sh/uv/install.sh | sh`. This executes a remote shell script directly. This is the official installation method for `uv` provided by Astral, a well-known developer tooling company.
- [EXTERNAL_DOWNLOADS]: The skill downloads the Doppler CLI using Homebrew (`brew install dopplerhq/cli/doppler`) and fetches the `uv` installer from `astral.sh`. It also queries the official PyPI JSON API (`https://pypi.org/pypi/`) to verify package publication. These operations target established and official service domains.
- [COMMAND_EXECUTION]: The skill uses the `Bash` tool to perform local repository management, package building, and publishing tasks, such as `git pull`, `uv build`, and `uv publish`.
- [PROMPT_INJECTION]: The skill identifies an indirect prompt injection surface as it reads and processes external data from `pyproject.toml` (package name and version) to determine publishing parameters. However, the risk is mitigated by the skill's design, which emphasizes local machine execution and manual verification.
- [DATA_EXFILTRATION]: The skill retrieves credentials from the Doppler secret manager (`doppler secrets get ... --plain`) to authenticate with PyPI. The token is used locally to publish the package to the official Python Package Index. No evidence of unauthorized data transmission to unknown third-party domains was detected.
Audit Metadata