mastra
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to fetch documentation from
https://mastra.ai/llms.txtand install official packages via npm (mastra@latest,@mastra/core@latest, etc.). These resources are owned by the official framework vendor. - [COMMAND_EXECUTION]: Several standard shell commands (
ls,grep,cat) are used to inspect local documentation and source files within thenode_modulesdirectory. Additionally, the skill includes a local script (scripts/provider-registry.mjs) used to list available models and providers from a local JSON registry file. These operations are routine for a development-focused skill. - [PROMPT_INJECTION]: The skill contains instructions like 'Critical: Do not trust internal knowledge' to ensure the agent uses the most up-to-date documentation. This is a common instructional pattern for fast-moving frameworks and does not constitute a malicious override of safety guidelines.
Audit Metadata