moai-alfred-config-schema
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to perform configuration audits and pre-commit checks. It provides a script template in SKILL.md that leverages git diff and grep to scan for hardcoded secrets in staged files.
- [EXTERNAL_DOWNLOADS]: The skill utilizes WebFetch to interact with external resources, specifically for retrieving JSON Schema definitions from json-schema.org and documentation via the context7 MCP integration.
- [PROMPT_INJECTION]: The skill manages a surface for indirect prompt injection by processing external configuration files (config.json, .env). 1. Ingestion points: Configuration files located at .moai/config/config.json and .moai/config/.env*. 2. Boundary markers: Uses structured JSON formats and explicit validation logic as boundaries for processed data. 3. Capability inventory: Includes Bash for auditing, Write/Edit for configuration management, and WebFetch for schema retrieval. 4. Sanitization: Implements JSON Schema v2024-12 validation and semantic versioning regex checks to ensure data integrity.
Audit Metadata