astro
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill is centered around executing CLI commands (e.g., `npx astro dev`, `npx astro build`). While these are standard for Astro development, they involve executing code in the host environment.
- [EXTERNAL_DOWNLOADS] (LOW): The skill utilizes `npx` and `npx astro add`, which download and execute packages from the npm registry at runtime. Although Astro is a reputable framework, these operations pull external code.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill is designed to interact with project files such as `package.json` and `astro.config.js`. An attacker who can influence these files (e.g., in a public repository) could potentially trigger malicious behavior when the agent processes them.
  - Ingestion points: `astro.config.*`, `package.json`, and project directories referenced in `SKILL.md`.
  - Boundary markers: Absent; the skill does not define specific delimiters for untrusted project data.
  - Capability inventory: Subprocess execution via `npx` for building, syncing, and adding integrations.
  - Sanitization: Absent; the skill does not suggest validating or sanitizing project file contents before execution.
- [POTENTIAL TYPOSQUATTING] (LOW): The command `npmx astro sync` appears to contain a typo (using `npmx` instead of `npx`). While likely a documentation error, typos in executable commands can occasionally be exploited if a malicious package with the typo's name exists in the path or registry.
Audit Metadata