mastra

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill contains instructions that direct the agent to disregard its internal training data in favor of current documentation (e.g., "Do not trust internal knowledge", "Never rely on memory"). This is designed to mitigate risks from outdated information in rapidly evolving software versions, though it employs instructional patterns similar to those used to bypass model knowledge constraints.
  • [EXTERNAL_DOWNLOADS]: The documentation guides the agent to fetch information from remote sources, specifically 'https://mastra.ai/llms.txt' and other markdown endpoints on the mastra.ai domain, to provide accurate context for code generation and troubleshooting.
  • [COMMAND_EXECUTION]: The skill provides numerous CLI commands for the agent to use, including directory management ('mkdir', 'cd'), file inspection ('ls', 'cat', 'grep'), and package management ('npm install', 'npm update'). It also includes commands for running Docker containers for database storage and launching a development server ('npm run dev').
  • [REMOTE_CODE_EXECUTION]: The guides include the use of 'npm create mastra@latest' and 'npx @mastra/codemod@latest', which involve downloading and executing remote packages to scaffold projects or automate code migrations.
  • [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection because it instructs the agent to process data from external documentation:
    • Ingestion points: Data is ingested from 'https://mastra.ai/llms.txt' and associated documentation URLs (SKILL.md, references/remote-docs.md).
    • Boundary markers: No explicit boundary markers or delimiters are specified in the instructions for the content retrieved from these external sources.
    • Capability inventory: The agent possesses extensive capabilities, including executing shell commands, managing local files, and performing network operations via tools (SKILL.md).
    • Sanitization: There are no instructions provided for the sanitization or validation of the documentation content before it is used by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 19, 2026, 03:02 PM