astropy-astronomy

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill facilitates the ingestion of data from external files (FITS, CSV, HDF5, etc.) and remote URLs, creating a surface for indirect prompt injection where malicious instructions could be embedded in data processed by the agent.
      • Ingestion points: Data enters the agent context through methods such as Table.read(), fits.open(), and fits.getdata() across SKILL.md and references/data_io_guide.md, as well as download_file() in references/auxiliary_modules.md.
      • Boundary markers: Absent. The instructions do not define delimiters or provide warnings to the agent about treating external data as untrusted or ignoring embedded instructions.
      • Capability inventory: The skill provides tools for file system modifications via hdul.writeto(), fits.writeto(), and Table.write(), along with network access capabilities via astropy.utils.data.download_file.
      • Sanitization: Absent. No evidence of content validation or sanitization is present in the provided examples.
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions for installing well-known and trusted Python packages astropy and pytz via pip. It also includes an example of using a built-in utility to download data files from external URLs (astropy.utils.data.download_file).
  • [COMMAND_EXECUTION]: The skill includes standard shell commands in the documentation for setting up the environment, such as pip install astropy and pip install pytz.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 30, 2026, 04:04 AM