uv
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The troubleshooting guide (references/troubleshooting.md) recommends installing the tool via 'curl -LsSf https://astral.sh/uv/install.sh | sh'. Piping a remote script straight into a shell executes code that is never inspected and is not pinned to a version or checksum; '-L' also follows redirects, so a compromise of the hosting endpoint or of any redirect target in the delivery chain yields arbitrary code execution with the invoking user's privileges. A safer procedure is to download the script to a file, inspect it, compare it against a checksum obtained out of band, and only then execute it, or to install the tool from PyPI instead ('pip install uv' or 'pipx install uv'). Following the adversarial reasoning framework, the severity is downgraded from CRITICAL to HIGH because the activity is integral to the primary purpose of the documented tool.
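The download-inspect-verify-run alternative to the pipe-to-shell one-liner, as an added example that is not part of uv, its installer or the audited skill. It assumes the installer URL from the troubleshooting guide; the expected digest is a placeholder that you would obtain out of band (for example from the vendor's release page) before running anything.

```python
"""Replace `curl ... | sh` with fetch -> inspect -> verify digest -> run.

Added example, not uv's own code. INSTALLER_URL is taken from the audited
troubleshooting guide; EXPECTED_SHA256 is a placeholder (assumption: you
obtain the real value out of band and pin it here).
"""
import hashlib
import hmac
import subprocess
import tempfile
import urllib.request
from pathlib import Path

INSTALLER_URL = "https://astral.sh/uv/install.sh"
EXPECTED_SHA256 = "0" * 64  # placeholder, replace with the published digest


def sha256_file(path: Path) -> str:
    """Hex SHA-256 of a file, streamed so large downloads are not held in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_sha256(path: Path, expected: str) -> bool:
    """Compare the file digest against the pinned value in constant time."""
    return hmac.compare_digest(sha256_file(path), expected.strip().lower())


def fetch_to_file(url: str, dest: Path) -> Path:
    """Download to disk without executing anything.

    Refuses non-HTTPS URLs up front and re-checks the final URL, because
    urllib follows redirects and `-L` in the original one-liner does too.
    """
    if not url.startswith("https://"):
        raise ValueError("refusing non-HTTPS installer URL")
    with urllib.request.urlopen(url, timeout=30) as resp:
        if not resp.geturl().startswith("https://"):
            raise ValueError("redirected off HTTPS; refusing to save script")
        dest.write_bytes(resp.read())
    return dest


def run_verified(script: Path, expected_sha256: str) -> int:
    """Execute the script only if its digest matches the pinned value."""
    if not verify_sha256(script, expected_sha256):
        raise RuntimeError(
            f"{script}: sha256 {sha256_file(script)} != expected {expected_sha256}"
        )
    # Plain `sh <file>`: no `-c`, no shell-evaluated string, no pipe.
    return subprocess.run(["sh", str(script)], check=False).returncode


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        saved = fetch_to_file(INSTALLER_URL, Path(d) / "install.sh")
        print(f"saved to {saved}; sha256 {sha256_file(saved)}")
        print("inspect the file, pin the digest in EXPECTED_SHA256, then:")
        print("  run_verified(saved, EXPECTED_SHA256)")
```

The design point is that nothing executes until two independent checks pass: the bytes came over HTTPS end to end, and they match a digest you pinned before the download. A changed or tampered installer fails closed with the mismatching digest in the error, rather than running.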
- EXTERNAL_DOWNLOADS (LOW): The documentation and examples (references/examples.md) reference multiple external Python packages such as 'requests', 'httpx', and 'django', and illustrate the use of 'uvx' to download and execute tools from the Python Package Index (PyPI) at invocation time. This represents a dependency on an external registry: an unpinned 'uvx <tool>' runs whatever release the index returns, so invocations should pin the version in the requirement specifier ('uvx tool==<version>') and project dependencies should be installed from the lockfile ('uv sync --locked'), which carries per-artifact hashes.
- COMMAND_EXECUTION (LOW): The core functionality described in 'references/cli-and-commands.md' involves 'uv run', 'uv sync', and 'uv build', which execute subprocesses and manage local environment states. 'uv build', and 'uv sync' when it installs a source distribution, also invokes the package's build backend, which is code supplied by the dependency; the rating stays LOW because this is confined to the project's own declared dependencies.
- PROMPT_INJECTION (LOW): The skill documents workflows for importing dependencies from external files such as 'requirements.txt' (references/cli-and-commands.md); a requirements file that an agent ingests is untrusted input and therefore a surface for indirect prompt injection. Mandatory Evidence Chain:
  1. Ingestion points: 'uv add -r requirements.txt' (references/cli-and-commands.md).
  2. Boundary markers: absent; no delimiters or ignore-instructions are suggested for file processing.
  3. Capability inventory: 'uv run' and 'uv sync' (references/cli-and-commands.md) provide code execution capabilities.
  4. Sanitization: absent; no validation of dependency files is mentioned. A requirements file can also carry option lines ('--index-url', '--extra-index-url', '--find-links', '-e') and direct URL or VCS references that change where packages are fetched from, so a pre-ingestion check of the file is warranted independently of the prompt-injection concern.
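A triage pass over a requirements file before it reaches 'uv add -r', as an added example that is not part of uv or the audited skill. It treats the file as untrusted data and reports the lines that redirect where packages come from, pull in further files, or leave the version unpinned; the sample file, the mirror hostname and the repository URL in it are constructed for the example.

```python
"""Lint a requirements.txt as untrusted input before `uv add -r`.

Added example, not uv's own code. The option names checked are the ones
pip-style requirements files accept; SAMPLE is a constructed input.
"""
import re
from dataclasses import dataclass

# Options that change where packages are resolved from (highest impact).
INDEX_OPTIONS = {"-i", "--index-url", "--extra-index-url", "-f", "--find-links"}
# Options that pull in further files, install from local paths, or weaken
# transport checks.
OTHER_OPTIONS = {"-r", "--requirement", "-c", "--constraint",
                 "-e", "--editable", "--trusted-host"}
# Direct references that bypass the index entirely: VCS, URL or file scheme,
# either as the whole requirement or after `name @`.
VCS_OR_URL = re.compile(r"^(git\+|hg\+|svn\+|bzr\+|https?://|file:)|@\s*(git\+|https?://|file:)")
# name, optional extras, exact `==` pin (hashes may follow; match at start).
PINNED = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*\s*(\[[^\]]*\])?\s*==\s*[^\s;#]+")
COMMENT = re.compile(r"(?:^|\s)#")


@dataclass
class Finding:
    line_no: int
    severity: str
    reason: str
    text: str


def lint_requirements(content: str) -> list[Finding]:
    findings: list[Finding] = []
    for n, raw in enumerate(content.splitlines(), start=1):
        line = COMMENT.split(raw, maxsplit=1)[0].strip()
        if not line:
            continue
        first = line.split()[0]
        opt = first.split("=", 1)[0]  # handle `--index-url=https://...` form
        if first.startswith("-"):
            if opt in INDEX_OPTIONS:
                findings.append(Finding(n, "HIGH", "option redirects package resolution to another index or directory", raw))
            elif opt in OTHER_OPTIONS:
                findings.append(Finding(n, "MEDIUM", "option pulls in further files, local paths or weakens transport checks", raw))
            else:
                findings.append(Finding(n, "LOW", "unrecognised option line", raw))
            continue
        if VCS_OR_URL.search(line):
            findings.append(Finding(n, "HIGH", "direct URL/VCS reference bypasses the index", raw))
            continue
        if line.startswith((".", "/")):
            findings.append(Finding(n, "HIGH", "local path install", raw))
            continue
        if not PINNED.match(line):
            findings.append(Finding(n, "MEDIUM", "not pinned with ==; resolver picks the newest matching release", raw))
    return findings


def has_blockers(findings: list[Finding]) -> bool:
    """True if any finding should stop the file from being ingested as-is."""
    return any(f.severity == "HIGH" for f in findings)


# Constructed sample input for the example (hostnames and URL are made up).
SAMPLE = """\
# constructed sample requirements.txt
requests==2.32.3
httpx>=0.27
django
--extra-index-url https://mirror.example/simple
--trusted-host mirror.example
pkg @ git+https://github.com/example/pkg.git
-e ./vendor/tool
"""

if __name__ == "__main__":
    for f in lint_requirements(SAMPLE):
        print(f"{f.severity:6} line {f.line_no}: {f.reason}\n        {f.text}")
    print("blockers:", has_blockers(lint_requirements(SAMPLE)))
```

Run it over a file before 'uv add -r'; anything rated HIGH means the file is steering resolution away from the expected index and deserves a human look, while MEDIUM unpinned entries are resolved to exact versions and hashes once 'uv lock' has run, so the follow-up check is to commit 'uv.lock' and use 'uv sync --locked'.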
Recommendations
- AI detected serious security threats
Audit Metadata