mux-video
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Safe Documentation] (SAFE): The analyzed files consist of reference guides and implementation examples for Mux Video and Data APIs. No executable malicious scripts or prompt injection instructions are present.
- [Standard Dependency Usage] (SAFE): The documentation references official packages such as
@mux/mcpandsanity-plugin-mux-input. These are legitimate libraries provided by the Mux organization for platform integration. - [Indirect Prompt Injection Surface] (LOW): The MCP server documentation (
reference/mcp-server.md) describes a tool that ingests external data (video metadata, analytics) from the Mux API. This creates a standard surface for indirect prompt injection if an attacker controls the data within the Mux account, though the documentation itself contains no malicious instructions. - Ingestion points: Mux API (Video metadata, Asset titles, Analytics metrics)
- Boundary markers: Not explicitly defined in documentation examples; assumed to be handled by the LLM client.
- Capability inventory: Asset management, metadata updates, analytics querying.
- Sanitization: Not present in documentation examples; relies on Mux API and LLM client sanitization.
- [Credential Safety] (SAFE): All examples use clearly labeled placeholders (e.g.,
your-access-token-id,YOUR_ENV_KEY_HERE) rather than hardcoded credentials.
Audit Metadata