python-project-template
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): Confirmed detection of piped remote execution. The command
curl -LsSf https://astral.sh/uv/install.sh | shdownloads and executes a script directly from the internet without any local verification or integrity checks. - [EXTERNAL_DOWNLOADS] (HIGH): The skill references an external script hosted on
astral.sh. While Astral is a known developer tool provider, it is not included in the pre-defined list of Trusted GitHub Organizations or Repositories, so the download is treated as unverified. - [DATA_EXFILTRATION] (SAFE): Automated scanners flagged
logger.infoas a malicious URL. Technical analysis determines this is a false positive where a standard code method for logging was misinterpreted as a TLD-based domain.
Recommendations
- HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata