python-project

Fail

Audited by Snyk on Jun 19, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.


MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The Quick Start includes a direct install command that fetches and executes remote code ("curl -LsSf https://astral.sh/uv/install.sh | sh"), and the project repeatedly depends on uv for package management and runtime commands, so this URL is a runtime external dependency that executes remote code.

Issues (2)

E005
CRITICAL

Suspicious download URL detected in skill instructions.

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 19, 2026, 03:59 PM
Issues
2
Security Audit — snyk — python-project