uv-python-manager

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflows explicitly fetch and run arbitrary third‑party content (e.g., "git clone " in Workflow 2 and commands like "uv pip install", "uv sync", and the curl install from https://astral.sh"), which causes the agent to ingest and read user-provided repositories, package metadata, and scripts from public sources (PyPI/git) that are untrusted and could contain indirect prompt-injection content.