Skills
skills/mastra-ai/mastra/mastra-smoke-test/Gen Agent Trust Hub

mastra-smoke-test

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill makes extensive use of shell commands and CLI tools, including gh, pnpm, npm, lsof, kill, and python3, to manage project lifecycles and execute test scripts.
  • [EXTERNAL_DOWNLOADS]: Fetches Mastra project templates, packages from npm registries, and interacts with vendor APIs for authentication and deployment tasks.
  • [CREDENTIALS_UNSAFE]: Accesses sensitive local files, specifically ~/.mastra/credentials.json and .env files, to retrieve platform authentication tokens and LLM API keys for testing.
  • [DATA_EXFILTRATION]: Transmits retrieved authentication tokens and project metadata to official vendor endpoints (e.g., platform.mastra.ai, *.mastra.cloud) as part of the standard authentication and tracing process.
  • [PROMPT_INJECTION]: Processes untrusted data from GitHub PR titles, descriptions, and diffs to determine testing scope, which represents an indirect prompt injection surface.
Audit Metadata
Risk Level
SAFE
Analyzed
May 17, 2026, 10:10 AM
Security Audit — agent-trust-hub — mastra-smoke-test