moai-alfred-ask-user-questions
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a guideline for agent interaction and does not contain malicious code or instructions.
- [COMMAND_EXECUTION]: The documentation references a shell command (
cat .moai/config.json | jq ...) used solely for retrieving the user's configured language from a local settings file. This is a documented best practice for internationalization and is considered a benign administrative task. - [DATA_EXPOSURE]: The skill references a local configuration file (
.moai/config.json). This file is used for standard application settings (such as language preferences) and does not contain sensitive credentials or private user data. - [PROMPT_INJECTION]: The skill is designed to handle user input via interactive questions. It includes explicit guidelines for validation and 'Final Confirmation' steps for high-risk operations (e.g., requiring the user to type 'DELETE'), which serve as a mitigation against accidental or malicious command execution via user input.
Audit Metadata