Skills
skills/ven0m0/claude-config/uv/Gen Agent Trust Hub

uv

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides detailed workflows for executing shell commands and Python scripts using the uv utility, including uv run, uvx, and uv pip commands.
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to download and install third-party packages and CLI tools from external registries such as PyPI using uv add and uvx.
  • [PROMPT_INJECTION]: The skill exhibits a potential surface for indirect prompt injection through the processing of untrusted project files.
  • Ingestion points: The agent reads external files including pyproject.toml, uv.lock, and requirements.txt to manage dependencies.
  • Boundary markers: There are no explicit markers or instructions to treat data within these files as non-executable text or to ignore embedded instructions.
  • Capability inventory: The skill is allowed to use Bash for command execution and Write/Edit for file system modification.
  • Sanitization: No sanitization logic or validation is implemented for the content extracted from these external configuration files.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 28, 2026, 09:06 PM