astrowind
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (HIGH): The skill clones a repository from an untrusted source (https://github.com/Eng0AI/astrowind-template.git) and proceeds to run npm install. This allows the external repository to execute arbitrary code on the host system via npm lifecycle scripts (preinstall, postinstall).
- Command Execution (HIGH): The instructions include npm run build and npm run dev. If the downloaded repository is malicious, these commands will execute attacker-controlled logic within the local environment.
- Indirect Prompt Injection (MEDIUM):
  - Ingestion points: The skill ingests a complete project structure from an external Git repository (SKILL.md).
  - Boundary markers: None. The agent treats the downloaded content as trusted project files.
  - Capability inventory: The skill has the capability to execute shell commands, manage packages, and deploy to external platforms (Vercel, Netlify).
  - Sanitization: None. There is no verification of the downloaded code's integrity before execution.
Recommendations
- AI detected serious security threats
Audit Metadata