moai-alfred-proactive-suggestions
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requests access to the Bash tool to perform automation tasks. According to Example 2 in 'examples.md', the skill can generate and apply batch refactor scripts based on detected patterns in the user's codebase.
- [EXTERNAL_DOWNLOADS]: The skill utilizes the 'WebFetch' tool and the 'mcp__context7__get-library-docs' MCP tool to retrieve external documentation and productivity patterns (e.g., fetching from '/productivity/docs' as seen in the 'ProactiveSuggestionsArchitectOptimizer' class).
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it processes untrusted data (external codebase and documentation) to generate suggestions that the agent may act upon.
- Ingestion points: The skill reads local project files via 'Read'/'Glob' and fetches remote documentation via 'WebFetch' and 'Context7' MCP tools.
- Boundary markers: No explicit boundary markers or 'ignore' instructions for the processed content are present in the provided implementation snippets.
- Capability inventory: The skill possesses powerful capabilities including 'Bash', 'Write', and 'Edit' tools, which could be leveraged if malicious instructions were successfully injected into the analyzed data.
- Sanitization: The provided code does not demonstrate sanitization or validation of the external content before it is processed by the suggestion engine.
Audit Metadata