materialize-docs
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- Remote Code Execution (LOW): Several documentation files provide installation steps using piped shell commands from remote sources.
  - Evidence: integrations/llm/index.md (downloads from astral.sh), integrations/cli/index.md (downloads from materialize.com).
  - Context: These are the official installation methods for uv and the mz CLI. The severity is low because they are educational examples in documentation rather than automatically executed code.
- Indirect Prompt Injection (LOW):
  - Ingestion points: The skill is designed to handle user questions and tasks, which are interpolated into responses (README.md, SKILL.md).
  - Boundary markers: Absent. There are no instructions to use delimiters or to ignore instructions found in user-provided snippets.
  - Capability inventory: The documentation provides the agent with knowledge of how to use CLI tools (mz), SQL shells (psql), and HTTP APIs, which could be leveraged to perform sensitive database operations if an injection occurs.
  - Sanitization: Absent. There is no guidance on sanitizing user inputs before using them in database queries.
- Data Exposure & Exfiltration (SAFE): Analysis of 273 files confirms that all credentials, API keys, and connection strings are placeholders (e.g., <MZ_USER>, mzp_..., your-password). No hardcoded secrets or sensitive configuration data were detected.
- Obfuscation (SAFE): Base64 strings detected in documentation examples (e.g., c2VjcmV0Cg==, AEBBQv8=) decode to benign strings like 'secret' or to binary test data used for demonstrating SQL functions.
Audit Metadata