Skills
skills/vamseeachanta/workspace-hub/python-project-template/Gen Agent Trust Hub

python-project-template

Fail

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION] (CRITICAL): The command 'curl -LsSf https://astral.sh/uv/install.sh | sh' was detected. Piping a remote script directly to a shell is a critical vulnerability that permits immediate, unverified code execution from a third-party server.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The script is downloaded from 'astral.sh'. While associated with a known developer tool, this domain is not included in the strict 'Trusted External Sources' list provided in the security skill configuration, classifying it as an untrusted source in this context.
Recommendations
  • HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 20, 2026, 03:51 PM