uv-package-manager

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill includes direct install commands that fetch and execute remote code at runtime (e.g., curl -LsSf https://astral.sh/uv/install.sh | sh and powershell "irm https://astral.sh/uv/install.ps1 | iex"), which execute remote code and are presented as a required installation path for using the tool.