astroflare
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill directs the agent to initialize projects using 'pnpx starwind@latest init'. Starwind UI is not a recognized trusted external source, presenting a risk of unverifiable dependency injection.
- [REMOTE_CODE_EXECUTION] (HIGH): Instructions to use 'npx starwind@latest add' allow the execution of arbitrary scripts directly from the npm registry at runtime without version locking or integrity verification.
- [COMMAND_EXECUTION] (MEDIUM): The skill mandates multiple shell operations including 'pnpm build', 'pnpm fix', and 'pnpm gen:types'. While typical for Astro development, their combination with untrusted external downloads elevates the privilege and impact of potential malicious code.
- [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8). 1. Ingestion point: The agent is instructed to read implementation patterns from 'https://starwind.dev/llms-full.txt'. 2. Capability inventory: The agent has shell execution ('pnpm') and file modification ('pnpm fix') capabilities. 3. Boundary markers: Absent. 4. Sanitization: Absent. External content from the referenced URL could potentially manipulate agent behavior during code generation.
Recommendations
- AI detected serious security threats
Audit Metadata