python-project
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the
uvpackage manager from its official source. - Evidence:
curl -LsSf https://astral.sh/uv/install.shinSKILL.mdandreference/tech-stack.md. - Note: This targets a well-known service (Astral) and is a standard installation method for the tool.
- [REMOTE_CODE_EXECUTION]: The skill includes instructions to execute the downloaded
uvinstallation script directly in the shell. - Evidence:
curl -LsSf https://astral.sh/uv/install.sh | shinSKILL.md. - [CREDENTIALS_UNSAFE]: The project templates include an example environment configuration file.
- Evidence:
templates/api/.env.examplecontains placeholders likeDATABASE_URL=postgresql+asyncpg://user:password@localhost:5432/myapp. - Note: This follows standard security best practices for secret management by providing a template with non-sensitive placeholders.
Audit Metadata