astrowind
Warn
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill performs a
git clonefromhttps://github.com/Eng0AI/astrowind-template.git. The repository owner is not on the trusted sources list, posing a risk of downloading unverified code.\n- REMOTE_CODE_EXECUTION (MEDIUM): After cloning, the skill runsnpm installandnpm run build. This executes scripts (such aspostinstallor build scripts) defined in the external repository, allowing for arbitrary code execution from an untrusted source.
Audit Metadata