Skills
skills/astronomer/agents/authoring-dags/Gen Agent Trust Hub

authoring-dags

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill relies on uvx --from astro-airflow-mcp af, which downloads and executes the astro-airflow-mcp package from the Python Package Index (PyPI) at runtime. This package is provided by the skill's author to facilitate Airflow management.
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute various shell commands through the af CLI. These commands are used to discover environment configuration (af config connections, af config variables), list existing DAGs, validate syntax, and trigger DAG runs for testing. The instructions explicitly recommend seeking user consent before triggering runs.
  • [CREDENTIALS_UNSAFE]: The file reference/best-practices.md contains a dummy database connection string (postgresql://user:password@host:5432/db). This is used as a counter-example in a section teaching users NOT to hardcode credentials. It contains no actual sensitive data.
Audit Metadata
Risk Level
SAFE
Analyzed
May 2, 2026, 05:39 PM