integration-astro-view-transitions
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill implements a workflow that reads user project files to identify event tracking opportunities, which represents a surface for indirect prompt injection. This is inherent to the skill's primary purpose of automated integration and is mitigated by the scope of the agent's tasks.
  - Ingestion points: Reads project files to determine business value for tracking (`basic-integration-1.0-begin.md`).
  - Boundary markers: Not explicitly defined in the prompts.
  - Capability inventory: Modifying source code, creating new files, and executing project scripts.
  - Sanitization: None.
- [COMMAND_EXECUTION]: The workflow includes a step to run linting or formatting scripts (e.g., Prettier, ESLint) found in the user's `package.json` on the files modified by the agent. This is restricted to files touched by the skill during the session and is a standard development practice.
- [EXTERNAL_DOWNLOADS]: The skill utilizes the official PostHog web snippet which loads the PostHog library from its official content delivery network (`us.i.posthog.com`). This is a well-known service and the reference is documented neutrally as intended functionality.
Audit Metadata