mintlify
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references the installation of the Mintlify CLI via 'npm i -g mint' and the use of the '@mintlify/scraping' package for migrations. These are official tools for the documented service.
- [COMMAND_EXECUTION]: The instructions include the use of several CLI commands such as 'mint dev', 'mint broken-links', and 'mint validate' to manage the documentation workflow.
- [PROMPT_INJECTION]: The skill processes project files and external content, creating an indirect prompt injection surface.
- Ingestion points: The agent reads 'docs/docs.json', 'openapi.yml', and existing MDX content pages ('*.mdx') to understand project structure and voice.
- Boundary markers: No specific delimiters or warnings for embedded instructions are provided when reading external documentation or API specifications.
- Capability inventory: The agent has the ability to execute CLI commands ('mint dev', 'mint validate'), create or modify MDX files, and update the site configuration in 'docs.json'.
- Sanitization: There is no mention of sanitizing or validating inputs from the processed documentation files or OpenAPI specifications.
Audit Metadata