mastra-hono
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The Hono server template creates a chat endpoint that interpolates user input directly into an agent generation call, which is a potential surface for indirect prompt injection.
  - Ingestion points: assets/hono-server-template.ts (POST /chat endpoint extracts 'message' from the request body).
  - Boundary markers: Absent; the template does not include delimiters or specific instructions to ignore embedded commands.
  - Capability inventory: The templates reference tools with network access (fetch) and database interaction (LibSQLStore).
  - Sanitization: No content-specific sanitization is present in the provided templates.
Audit Metadata