checking-freshness

Name: agents/checking-freshness
Author: astronomer

Share on X Share on LinkedIn Share on Bluesky

100Critical

The skill is malicious, enabling SQL injection and unauthorized Airflow CLI command execution while forcing unverified dependencies to bypass security controls and exfiltrate sensitive pipeline metadata.

ThreatsCI SM CS BC S HITL

Threat Analysis

AI Agent Traps ↗Scanned 6/20/2026

Content InjectionPerceptionclean

Semantic ManipulationReasoning1 finding

Cognitive StateMemory & Learningclean

Behavioural ControlAction2 findings

SystemicMulti-Agent Dynamicsclean

Human-in-the-LoopHuman Overseerclean

Skill Info

Nameastronomer/agents/checking-freshness

Registrygithub

Versionda0048c49f88

PURLpkg:github/astronomer/agents@da0048c49f88?skill=checking-freshness

Stars391

Installs759

Source

Repository ↗SKILL.md ↗

Install

This skill has been flagged as potentially malicious. Review the findings below before installing.

GitHub

759 installs

Skills.shDocs

npx skills add https://github.com/astronomer/agents

Assessments (3)

AI Agent Traps ↗

SQL injection — database system-object or file-access abuse (information_schema/xp_cmdshell/INTO OUTFILE/LOAD_FILE) detectedcriticalsql injectionAML.T0050AML.T0053LLM05:2025

SQL injection — database system-object or file-access abuse (information_schema/xp_cmdshell/INTO OUTFILE/LOAD_FILE) detected

100% confidenceline 22

INFORMATION_SCHEMA.COLUMNS

Implicit privilege escalation via tool chainingmediumoversight evasionAML.T0054LLM01:2025LLM07:2025

By directing the agent to use 'af dags list' and 'af dags get', the skill assumes the agent has pre-configured CLI access to Airflow/Astro environments, potentially exposing sensitive pipeline metadata without explicit user authorization for those specific tools.

70% confidence

Use `af dags list` and `af dags get <dag_id>`

Cross-skill dependency injectionmediumsub agent spawningAML.T0053AML.T0051.001LLM06:2025

The skill explicitly instructs the agent to invoke a separate, external skill ('debugging-dags') if data is stale, creating a hard-coded dependency on an unverified third-party component.

80% confidenceline 102

Action: Investigate with **debugging-dags** skill

Description Mismatchhighdescription mismatchAML.T0011.000LLM06:2025LLM09:2025

The skill includes instructions to execute arbitrary Airflow CLI commands and cross-references another skill, which exceeds the stated purpose of a simple data freshness check and introduces potential command injection or unauthorized system interaction risks.

85% confidence

The 'If Data is Stale' section explicitly directs the use of 'af dags list', 'af dags get', and 'af dags stats' commands.

Missing licenseinfopolicy violation

Skill does not specify a license field. Specifying a license helps users understand usage terms.

100% confidence

Badge

Markdown

[![Mondoo Skill Check](https://mondoo.com/ai-agent-security/api/badge/github/astronomer/agents/checking-freshness.svg)](https://mondoo.com/ai-agent-security/skills/github/astronomer/agents/checking-freshness)

HTML

<a href="https://mondoo.com/ai-agent-security/skills/github/astronomer/agents/checking-freshness"><img src="https://mondoo.com/ai-agent-security/api/badge/github/astronomer/agents/checking-freshness.svg" alt="Mondoo Skill Check" /></a>

Image URL

https://mondoo.com/ai-agent-security/api/badge/github/astronomer/agents/checking-freshness.svg

Secure your AI agents

Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.

Continuous scanning of skills across all registries
Policy enforcement before skills reach your agents
Integration with your existing security workflow