new-python-project
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill demonstrates a command injection surface (Category 8). User-provided variables such as project_name and project_description are directly interpolated into shell commands across several steps (e.g., uv init, uv run python -c).
  - Ingestion points: Step 1 collects project metadata from the user.
  - Boundary markers: Absent. There are no instructions to sanitize or escape user input before shell execution.
  - Capability inventory: The skill uses uv (subprocess execution), curl (network), and file writing capabilities.
  - Sanitization: Absent. The skill assumes the agent or user will provide safe strings.
- [External Downloads] (SAFE): The skill downloads a standard .gitignore template from GitHub's official repository. Although the 'github' organization is not on the explicit 'Trusted' list in the developer instructions, the content is a non-executable configuration file, posing negligible risk.
- [Remote Code Execution] (SAFE): The automated scan's 'CRITICAL' alert regarding the .gitignore download is a false positive. The command curl ... -o .gitignore saves a text file and does not execute it. Additionally, the pre-commit hooks used in assets/pre-commit-config.yaml point to well-known, industry-standard repositories (e.g., psf/black, astral-sh/ruff), which are considered safe in this context.
- [Dynamic Execution] (LOW): The skill generates Python version files and then executes them via uv run python -c. This is a standard project setup pattern using known templates and does not incorporate untrusted external code at runtime.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/github/gitignore/refs/heads/main/Python.gitignore
  - DO NOT USE without thorough review
Audit Metadata