aistro
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs 'circular-natal-horoscope-js' and 'dayjs' from the official NPM registry, which is a recognized and well-known service for package management.
- [COMMAND_EXECUTION]: The skill directs the agent to execute Node.js scripts ('horoscope.mjs', 'moon-phase.mjs', 'random-score.mjs') with parameters derived from user input. This creates an indirect injection surface if input values like birth city or date are not correctly sanitized before being passed to the shell.
- [PROMPT_INJECTION]: The system instructions include specific persona traits and 'Must Do/Must Not' constraints intended to keep the agent focused on astrology and prevent it from answering unrelated queries.
Audit Metadata