moai-baas-foundation

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data alongside high-privilege tools.
  • Ingestion points: Untrusted external data is retrieved via WebSearch, WebFetch, and the mcp__context7__get-library-docs tool (as seen in SKILL.md).
  • Boundary markers: The skill definition does not provide boundary markers or explicit instructions to the agent to disregard or isolate potentially malicious instructions embedded in the fetched external content.
  • Capability inventory: The skill is granted access to the Bash tool, enabling powerful command execution capabilities.
  • Sanitization: No evidence of sanitization, filtering, or validation is present for the data retrieved from external web sources or documentation.
  • [COMMAND_EXECUTION]: The skill is configured with access to the Bash tool. This capability allows the agent to execute arbitrary shell commands on the underlying system, which significantly increases the potential impact if the agent's behavior is influenced by malicious external data retrieved during operation.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 01:06 AM