mintlify
Fail
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill incorrectly directs users to install the
mintNPM package instead of the officialmintlifyCLI. This results in the installation of an unrelated programming language package rather than the intended documentation tool.\n- [COMMAND_EXECUTION]: Recommends executing commands using themintbinary, which corresponds to the incorrectly identified package and could lead to unintended system behavior or the execution of binaries not associated with the documented service.\n- [PROMPT_INJECTION]: The skill contains deceptive metadata claiming the author is 'mintlify' while the true author is 'illusion47586', which is a deceptive practice used to gain unearned trust. It also identifies a surface for indirect prompt injection via the processing of MDX and configuration files (Ingestion points: docs.json, *.mdx, openapi.yml; Boundary markers: None; Capability inventory: CLI execution; Sanitization: None)
Recommendations
- AI detected serious security threats
Audit Metadata