astro-expert

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • PROMPT_INJECTION (HIGH): The skill is highly vulnerable to Indirect Prompt Injection because it ingests untrusted external content (code review of project files) and possesses high-privilege capabilities.
      • Ingestion points: The agent is instructed to review code and use tools like Read, Grep, and Glob to pull project content into its context.
      • Boundary markers: No boundary markers or 'ignore embedded instructions' delimiters are defined to separate the skill's system instructions from the content being analyzed.
      • Capability inventory: The skill has access to Bash, Write, and Edit tools, allowing for file modification and system command execution.
      • Sanitization: No sanitization or validation of the ingested code is performed before the agent processes it.
  • COMMAND_EXECUTION (MEDIUM): The skill explicitly grants the agent the Bash tool and mandates its use via a 'Memory Protocol' (cat .claude/context/memory/learnings.md). While the specific command listed is for reading, the broad availability of the Bash tool in a context where untrusted user input is processed creates a significant attack surface for command injection.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 07:53 AM