skill-python-env

The skill bundle provides a utility for managing Python virtual environments but includes high-risk behaviors in its setup process. Specifically, `ensure_python_env.sh` and `ensure_python_env.py` are designed to automatically download and execute remote shell scripts and PowerShell commands from `https://astral.sh` to install the `uv` package manager. While this is aligned with the stated purpose of 'zero-dependency' installation, the use of 'curl|sh' and 'Invoke-Expression' (iex) patterns constitutes a significant security risk for remote code execution (RCE) via supply chain or network compromise.