Skills
skills/mastra-ai/skills/mastra-embedded-docs-look-up/Gen Agent Trust Hub

mastra-embedded-docs-look-up

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • COMMAND_EXECUTION (LOW): The skill instructs the agent to use shell commands (cat, ls, grep) to interact with the filesystem. While these commands are limited to reading documentation files within the @mastra scope in node_modules, they represent a direct command execution interface.
  • INDIRECT PROMPT INJECTION (LOW): The skill reads external data from installed package directories which could potentially contain malicious instructions.
  • Ingestion points: Local filesystem paths in node_modules/@mastra/*/dist/docs/ including JSON, Markdown, and TypeScript definition files.
  • Boundary markers: Absent. There are no instructions to the agent to disregard potential instructions found within the documentation content.
  • Capability inventory: Filesystem read access via cat and ls commands.
  • Sanitization: Absent. The content from the files is processed as-is without escaping or filtering.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 05:09 PM