astro
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill consists entirely of documentation and code examples for the Astro framework. No executable scripts are included that would perform actions outside of the agent's controlled environment.
- [EXTERNAL_DOWNLOADS]: Mentions standard framework packages like @astrojs/react and @astrojs/tailwind which are downloaded from the official npm registry during project setup. These are trusted and well-known dependencies.
- [COMMAND_EXECUTION]: Provides standard development commands (e.g., npm run dev, npx astro add) for the user to run in their own terminal. No unauthorized or hidden command execution patterns were found.
- [CREDENTIALS_UNSAFE]: Includes placeholder credentials in documentation recipes (e.g., email === 'user@example.com') and demonstrates the use of environment variables for secrets, which is a security best practice. No hardcoded production secrets are present.
Audit Metadata