Skills
skills/ssdeanx/agentstack/mastra/Gen Agent Trust Hub

mastra

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides numerous commands for the agent to execute in the user's environment, including filesystem operations (ls node_modules/@mastra/, cat node_modules/...), package management (npm install, npm update), and running development servers (npm run dev). These are standard for a development framework guide but involve broad access to the local project structure.
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to fetch the latest documentation and migration guides from the official Mastra website (https://mastra.ai/llms.txt). These fetches are used to provide the agent with current API signatures and patterns.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it ingests untrusted data from external sources and local files to guide its behavior.
  • Ingestion points: Files in node_modules/@mastra/ (specifically SOURCE_MAP.json and .d.ts files) as described in SKILL.md, and remote content from https://mastra.ai/llms.txt as described in references/remote-docs.md.
  • Boundary markers: Absent. There are no explicit instructions for the agent to use delimiters or ignore embedded instructions within the fetched documentation.
  • Capability inventory: The skill uses subprocess calls (cat, ls, npm, npx) and network operations (WebFetch) to process the ingested data.
  • Sanitization: Absent. The skill does not specify any validation or filtering of the content retrieved from local files or remote URLs before incorporating it into the response context.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 02:37 AM