python-use

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill mandates the use of the 'uv' CLI tool for all environment management tasks, including 'uv run' for executing scripts and 'uv sync' for dependency management. These are standard operations for the primary purpose of the skill.
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions for downloading packages from official registries and references the 'astral-sh/uv' GitHub repository for documentation. As 'uv' is a well-known tool in the Python ecosystem, these references are considered safe.
  • [REMOTE_CODE_EXECUTION]: Provides templates for adding dependencies directly from Git repositories (e.g., 'uv add git+https://github.com/...'). This is an inherent feature of Python dependency management used here to define standard workflows.
  • [PROMPT_INJECTION]: (Indirect) The skill describes workflows that involve processing external configuration files like 'pyproject.toml' and 'requirements.txt'. While these files could theoretically be used for indirect prompt injection by an external attacker, the skill promotes isolation to mitigate impact.
  • Ingestion points: 'pyproject.toml', 'requirements.txt', and remote Git repositories.
  • Boundary markers: Absent in the instruction text.
  • Capability inventory: Includes environment creation, package installation, and script execution.
  • Sanitization: Relies on the 'uv' tool's internal dependency resolution and standard operating system permissions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 25, 2026, 10:52 AM