skills/hyperb1iss/hyperskills/uv/Gen Agent Trust Hub

uv

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides standard documentation for the 'uv' tool, which is a legitimate and widely-used Python package manager.
  • [EXTERNAL_DOWNLOADS]: The skill references downloads from well-known and official sources, including the GitHub Container Registry ('ghcr.io/astral-sh/uv'), the official Astral 'setup-uv' GitHub Action, and the official PyTorch package index. These sources are considered reputable.
  • [COMMAND_EXECUTION]: The skill facilitates the execution of Python scripts and CLI tools within project environments using 'uv run' and 'uvx'. This functionality is standard for a package management tool.
  • [SAFE]: Indirect Prompt Injection Surface (Category 8): The skill presents an attack surface by processing project configuration files and executing associated commands.
  • Ingestion points: The skill reads and processes 'pyproject.toml', 'uv.lock', and environment files ('.env') within project directories.
  • Boundary markers: Boundary markers are not explicitly defined in the instructions, as the skill relies on the 'uv' tool's native handling of configuration files.
  • Capability inventory: The tool possesses capabilities for file system writes (virtual environment creation), network operations (dependency synchronization), and command execution via 'uv run' and 'uvx'.
  • Sanitization: Relies on the 'uv' tool's internal validation of project metadata and lockfiles.
  • Note: This surface is a standard characteristic of package management tools and is not a malicious pattern.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 11:39 PM
Security Audit — agent-trust-hub — uv