setting-up-python-libraries
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- PROMPT_INJECTION (LOW): The `scripts/create_project.py` script interpolates user-provided command-line arguments directly into generated project files without strict sanitization. This creates a surface for indirect prompt injection if the script is used with data from untrusted sources.
  * Ingestion points: `name`, `author`, `email`, and `description` arguments in `scripts/create_project.py`.
  * Boundary markers: Absent; inputs are directly embedded into f-string templates.
  * Capability inventory: Local file system write operations (`Path.write_text`) and directory creation.
  * Sanitization: Minimal; handles basic package name formatting but lacks protection against path traversal or malicious content injection into configuration files.
- COMMAND_EXECUTION (LOW): The skill generates a `Makefile` containing standard shell commands for development automation (linting, testing, formatting).
- EXTERNAL_DOWNLOADS (LOW): The skill configures standard Python developer dependencies and GitHub Actions from established and trusted ecosystems such as Astral and the Python Packaging Authority (PyPA).
Audit Metadata