uv-deps

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: Uses git worktree to create isolated environments for managing updates. (Evidence: SKILL.md Step 1 uses git worktree add and Step 8 uses git worktree remove).
  • [COMMAND_EXECUTION]: Interacts with GitHub via the gh CLI for vulnerability lookups and PR management. (Evidence: audit-workflow.md uses gh api and update-workflow.md uses gh pr create).
  • [EXTERNAL_DOWNLOADS]: Retrieves package and vulnerability metadata from trusted external services. (Evidence: uv-commands.md describes fetching JSON from pypi.org and audit-workflow.md fetches advisories from GitHub).
  • [REMOTE_CODE_EXECUTION]: Installs and runs tools dynamically via standard package managers. (Evidence: Uses uvx pip-audit and uv add to manage the project environment).
  • [REMOTE_CODE_EXECUTION]: Executes inline Python scripts to process structured data. (Evidence: audit-workflow.md and update-workflow.md use python3 -c for JSON extraction and filtering).
  • [SAFE]: Proactively mitigates indirect prompt injection risks by defining data boundaries for external content. (Evidence: SKILL.md Step 3 says to treat manifest content as untrusted data and to avoid interpreting free-text fields).
Audit Metadata
Risk Level: SAFE
Analyzed: May 8, 2026, 11:50 AM