mastra
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to fetch documentation and migration guides from the official vendor domain at
https://mastra.ai/llms.txt. It also facilitates the installation of dependencies from the public NPM registry usingnpm installandnpx. These resources are provided by a well-known service associated with the skill's primary purpose. - [COMMAND_EXECUTION]: The skill provides numerous instructions for executing local commands to manage projects and inspect documentation. These include using
ls,grep, andcatto read local source files and embedded documentation innode_modules. It also covers runningnpm installfor dependency management,npx @mastra/codemodfor version upgrades, anddocker runto initialize a database for development testing. - [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface as it processes external content with significant agent capabilities:
- Ingestion points: Retrieves remote documentation from
https://mastra.ai/llms.txt(SKILL.md, references/remote-docs.md). - Boundary markers: Absent; the instructions do not specify the use of delimiters or 'ignore' warnings for the fetched remote content.
- Capability inventory: The skill includes commands for filesystem reading (
cat,grep) and package installation/execution (npm,npx) across multiple documentation files. - Sanitization: Absent; there is no mention of validating or filtering the remote content before it is processed by the agent.
Audit Metadata