astro-dev
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to process untrusted external data via Astro's content layer, which creates a surface area for indirect prompt injection.
- Ingestion points: The skill defines patterns for
src/content.config.tsusingglobandfileloaders that ingest local markdown, MDX, JSON, and YAML files into the agent's context. - Boundary markers: There are no specific instructions or delimiters provided to the agent to distinguish between its own operational instructions and the content of the files it is processing.
- Capability inventory: The agent has the capability to read and write files, modify project configurations, and execute shell commands (e.g., package managers or Astro CLI) which could be manipulated by malicious content in a processed file.
- Sanitization: The skill lacks guidance on validating or sanitizing the data ingested from content collections before it is used to influence the agent's code generation or decision-making logic.
Audit Metadata