uv
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides patterns for downloading Python packages and CLI tools from registries and Git repositories. These are standard operations for a package manager and target well-known ecosystems.\n- [COMMAND_EXECUTION]: The skill facilitates the execution of Python scripts and developer tools through the uv runner. This behavior is restricted to the local project environment and consistent with the tool's intended use-case.\n- [INDIRECT_PROMPT_INJECTION]: The skill describes processing configuration files (pyproject.toml, uv.lock) and requirements files in SKILL.md. This establishes a surface for indirect prompt injection.\n
- Ingestion points: Project configuration and lock files (SKILL.md).\n
- Boundary markers: None explicitly defined in instructions.\n
- Capability inventory: Subprocess execution via uv and file modification via Write (SKILL.md).\n
- Sanitization: No escaping or validation of external content mentioned.
Audit Metadata