skills/fusengine/agents/astro-actions/Gen Agent Trust Hub

astro-actions

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The SKILL.md file contains mandatory workflow instructions that attempt to override and strictly define the agent's behavior.
  • Evidence: The 'Agent Workflow (MANDATORY)' section in SKILL.md requires the spawning of specific agents and execution of tasks 'Before ANY implementation'.
  • [PROMPT_INJECTION]: The skill describes patterns for ingesting untrusted data through server actions, creating a surface for indirect prompt injection.
  • Ingestion points: HTML forms (references/forms.md) and JSON payloads (references/templates/json-action.md) processed by the 'handler' function.
  • Boundary markers: No explicit prompt-level delimiters or 'ignore' instructions are provided in the code templates to separate user data from system instructions.
  • Capability inventory: Actions are shown performing database mutations (db.newsletter.create, db.posts.like) and console logging in references/defining-actions.md and references/templates/contact-form.md.
  • Sanitization: The skill correctly mandates the use of Zod schema validation ('Always define input schema — Never skip Zod validation') to enforce data types, which provides partial mitigation against malformed data but does not address natural language injection.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 3, 2026, 10:58 AM
Security Audit — agent-trust-hub — astro-actions