setting-up-astro-project

Warn

Audited by Socket on Mar 18, 2026

1 alert found:

Security (MEDIUM)
SKILL.md

This skill is documentation and configuration guidance for creating and configuring Astro/Airflow projects. It does not contain code that downloads and executes remote payloads, obfuscated logic, or direct exfiltration routines. Primary risks are operational: example cleartext credentials in airflow_settings.yaml which encourage insecure secret handling, and an example Dockerfile that installs packages from a custom package index without pinning or verification (a supply-chain risk if an untrusted index is used). Recommend removing or clearly marking example credentials, advising use of secret management (Airflow connections via environment secrets or secret backends), and recommending package pinning and verified sources for Dockerfile installs.

Confidence: 80%
Severity: 75%
Audit Metadata
Analyzed At
Mar 18, 2026, 04:48 PM
Package URL
pkg:socket/skills-sh/astronomer%2Fagents%2Fsetting-up-astro-project%2F@51dbf4bebafae94a2634f6fa90f4c1fc51c9260d