venv-manager
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the `subprocess` module to execute environment management tasks, including `pip install`, `ensurepip`, and running user-specified scripts from other skills. These operations are restricted to the context of the managed virtual environments.
- [EXTERNAL_DOWNLOADS]: In cases where `ensurepip` is unavailable, the skill is configured to download the `get-pip.py` utility from https://bootstrap.pypa.io/. This is an official, well-known service for Python packaging tools.
- [REMOTE_CODE_EXECUTION]: The skill executes the `get-pip.py` script downloaded from the trusted PyPA domain to install the pip package manager within a newly created virtual environment.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because `parser.py` extracts dependency lists and group names from the `SKILL.md` files of other, potentially untrusted skills. This information is used to define installation targets and file system paths for virtual environments.
  - Ingestion points: Reads `SKILL.md` and `requirements.txt` from other skill directories.
  - Boundary markers: None implemented for the parsed dependency data.
  - Capability inventory: Uses `subprocess.run` to install packages and `venv.create` for environment setup.
  - Sanitization: Package names are extracted via regex and split into lists for `subprocess.run`, which provides some protection against shell injection, but group names are used directly in path construction without validation.
Audit Metadata