mandex
Fail
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: Fetches and executes the official installation script from
https://mandex.dev/install.shvia shell pipe (curl | sh). - [EXTERNAL_DOWNLOADS]: Downloads documentation packages from the vendor's CDN (
cdn.mandex.dev) and retrieves an ONNX semantic reranking model (~50MB) from the network during the initial search operation. - [COMMAND_EXECUTION]: Implements several CLI operations (
mx pull,mx search,mx sync,mx build) for documentation management, including scanning local project files to detect dependencies and initializing integrations with other agent tools. - [PROMPT_INJECTION]: Exhibits an indirect prompt injection surface by retrieving and displaying external documentation content which could be maliciously crafted to influence agent behavior.
- Ingestion points: Documentation entries pulled from the vendor CDN and indexed in local SQLite databases (SKILL.md).
- Boundary markers: Absent; instructions do not include specific delimiters or warnings to ignore embedded instructions in documentation search results.
- Capability inventory: Subprocess execution for CLI commands, network access for package downloads, and file system read access for project manifests (SKILL.md).
- Sanitization: No explicit sanitization or filtering of documentation content before display to the agent is described.
Recommendations
- HIGH: Downloads and executes remote code from: https://mandex.dev/install.sh - DO NOT USE without thorough review
Audit Metadata