Skills
skills/crazymsn/academic-skills/astropy/Gen Agent Trust Hub

astropy

Pass

Audited by Gen Agent Trust Hub on May 28, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Installs the astropy library and its optional dependencies using the uv package manager as shown in SKILL.md.
  • [EXTERNAL_DOWNLOADS]: Fetches remote data files, including FITS images and tables, from S3 buckets or HTTP servers, and queries online astronomical databases (e.g., SIMBAD/NED) for coordinates as described in references/fits.md, references/coordinates.md, and references/wcs_and_other_modules.md.
  • [PROMPT_INJECTION]: The skill processes untrusted external data from various astronomical formats and remote sources, creating a surface for indirect prompt injection.
  • Ingestion points: External data is loaded via fits.open (references/fits.md), Table.read (references/tables.md), and remote queries like SkyCoord.from_name or download_file (references/coordinates.md, references/wcs_and_other_modules.md).
  • Boundary markers: No boundary markers or specific instructions are provided to the agent to distinguish between data content and processing instructions.
  • Capability inventory: The library facilitates extensive file system access (read/write) and network operations for data retrieval and tool interoperability (SAMP).
  • Sanitization: There is no documentation regarding the sanitization or validation of the content within the astronomical data files before they are processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
May 28, 2026, 03:41 PM
Security Audit — agent-trust-hub — astropy