python-project

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill recommends installing the uv package manager from its official source.
  • Evidence: curl -LsSf https://astral.sh/uv/install.sh in SKILL.md and reference/tech-stack.md.
  • Note: This targets a well-known service (Astral) and is a standard installation method for the tool.
  • [REMOTE_CODE_EXECUTION]: The skill includes instructions to execute the downloaded uv installation script directly in the shell.
  • Evidence: curl -LsSf https://astral.sh/uv/install.sh | sh in SKILL.md.
  • [CREDENTIALS_UNSAFE]: The project templates include an example environment configuration file.
  • Evidence: templates/api/.env.example contains placeholders like DATABASE_URL=postgresql+asyncpg://user:password@localhost:5432/myapp.
  • Note: This follows standard security best practices for secret management by providing a template with non-sensitive placeholders.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 19, 2026, 03:58 PM
Security Audit — agent-trust-hub — python-project