uv-package-manager

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs fetching and executing untrusted public content (e.g., "curl -LsSf https://astral.sh/uv/install.sh | sh", "uv add git+https://github.com/user/repo.git", and commands like "uv sync"/"uv pip install" that pull packages from PyPI/GitHub), so the agent's workflow would ingest third‑party, user‑generated content that can materially change behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill includes installer commands that fetch and execute remote scripts to install the required tool (e.g., curl -LsSf https://astral.sh/uv/install.sh | sh and powershell "irm https://astral.sh/uv/install.ps1 | iex"), which would execute remote code at runtime to obtain the uv dependency.