smoke-test

Fail

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: HIGH
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: Shell commands for project initialization and server management are constructed using user-provided parameters like <tag>, <project-name>, and <directory> without explicit validation or sanitization. This creates a surface for arbitrary command injection if an attacker provides malicious input (e.g., ; curl ...).
  • [REMOTE_CODE_EXECUTION]: The skill executes npx create-mastra@<tag>, where the <tag> is a user-supplied variable. This allows for the download and execution of arbitrary code from the npm registry depending on the version or package name provided.
  • [EXTERNAL_DOWNLOADS]: The skill triggers the download of the create-mastra package and subsequent project dependencies from external registries at runtime.
  • [CREDENTIALS_UNSAFE]: The instructions explicitly direct the agent to search for, read, and prompt the user for multiple sensitive API keys (OpenAI, Anthropic, etc.) to configure the project's environment variables.
  • [DATA_EXFILTRATION]: Automated browser testing includes capturing screenshots of the Mastra Studio. These screenshots may contain sensitive information such as API keys, environment configuration, or private code traces, which are then processed by the agent.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 2, 2026, 10:27 AM