moai-alfred-language-detection
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted project configuration files.
- Ingestion points: The logic defined in SKILL.md reads and parses package.json, pyproject.toml, Cargo.toml, and go.mod to identify project metadata.
- Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat the content of these files as untrusted or to ignore any embedded commands.
- Capability inventory: The skill utilizes Read and Bash (grep and ripgrep) capabilities to extract information from the filesystem.
- Sanitization: The implementation examples show that values from the configuration files (such as descriptions or dependency names) are extracted and stored without sanitization or validation, which could be exploited if an attacker places malicious instructions in these fields.
Audit Metadata