skills/astronomer/agents/testing-dags/Gen Agent Trust Hub

testing-dags

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill uses uvx to execute the astro-airflow-mcp package. This is a tool provided by the vendor 'astronomer' for management and debugging operations.
  • [COMMAND_EXECUTION]: The skill instructs the agent to run CLI commands such as af and astro dev to manage Airflow workflows. These are expected behaviors for the skill's primary purpose.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface.
      • Ingestion points: The agent retrieves task logs via af tasks logs (SKILL.md), which may contain content from external or untrusted sources.
      • Boundary markers: No specific delimiters or instructions are used to separate log data from agent instructions.
      • Capability inventory: The agent has the capability to execute shell commands and modify file content (e.g., DAG files and requirements.txt) as described in the Phase 3 'Fix and Retest' section of SKILL.md.
      • Sanitization: There is no evidence of log content validation or sanitization before it is consumed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 30, 2026, 01:43 PM