astro-release

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes commands using the GitHub CLI (gh) to manage project milestones and retrieve pull request details. It also uses npm view to verify package versions and pbcopy to provide content for user review.
  • [PROMPT_INJECTION]: The skill aggregates community contributors by reading comments and reviews from public GitHub repositories. This constitutes an indirect prompt injection surface.
  • Ingestion points: Pull request and issue comments from the withastro/astro and withastro/docs repositories.
  • Boundary markers: No explicit markers are used for the external comment data, but the agent is directed to specific repositories.
  • Capability inventory: Execution of shell commands via gh and npm, and state modification on Linear.
  • Sanitization: The skill uses jq to extract only specific metadata (logins and URLs), effectively filtering out potentially malicious instruction content from the processed output.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 24, 2026, 01:03 PM
Security Audit — agent-trust-hub — astro-release