moai-alfred-clone-pattern
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill defines a Master-Clone architecture that is susceptible to indirect prompt injection through its task delegation workflow.
  - Ingestion points: As seen in `SKILL.md` (Level 2 and 3 architecture) and `examples.md`, results from initial analysis tasks (like codebase scans) are interpolated directly into the prompt strings of subsequent autonomous implementation tasks.
  - Boundary markers: The prompt templates provided in the documentation do not use delimiters or specific 'ignore' instructions to isolate interpolated data from agent instructions.
  - Capability inventory: Clones are granted high-privilege tool access, including `Read`, `Bash`, and `Task`, which allows them to modify the file system and execute arbitrary shell commands based on the injected instructions.
  - Sanitization: The skill does not include or recommend any validation, filtering, or sanitization of data flowing between autonomous agent instances.
Audit Metadata