Skills
skills/whatifwedigdeeper/agent-skills/uv-deps/Gen Agent Trust Hub

uv-deps

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill handles untrusted data from project manifest files and security audit reports which could be vectors for indirect prompt injection attacks.
  • Ingestion points: pyproject.toml, uv.lock, and pip-audit JSON output (SKILL.md).
  • Boundary markers: Present. The skill contains explicit instructions to treat manifest data as structured and ignore any embedded natural language instructions (SKILL.md).
  • Capability inventory: File system access, network access (PyPI/GitHub), and execution of git, uv, and gh (SKILL.md).
  • Sanitization: Implements JSON parsing and strictly validates GHSA IDs using regex before inclusion in API calls (references/audit-workflow.md).
  • [COMMAND_EXECUTION]: The skill utilizes dynamic script generation by creating a temporary Python script at runtime to filter vulnerability data (references/audit-workflow.md). While the script is based on a static template, it operates on externally sourced metadata.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 15, 2026, 02:15 AM