moai-alfred-session-state
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill defines mechanisms for restoring session state from local files and handoff packages, representing an indirect prompt injection surface. Evidence chain:
  1. Ingestion points: Files in .moai/sessions/ and handoff_package JSON objects.
  2. Boundary markers: None identified in the restoration snippets.
  3. Capability inventory: Bash, Read, and TodoWrite tools.
  4. Sanitization: No input validation or context sanitization is described in the restoration logic.
- [COMMAND_EXECUTION]: The skill metadata allows the Bash tool, which is used in documentation examples for monitoring session context and managing local state files within the .moai directory.
- [SAFE]: The skill does not contain hardcoded secrets, obfuscated code, or unauthorized network operations. External references to the Claude Agent SDK and Git are considered safe vendor resources.
Audit Metadata