Skills
skills/ajbcoding/claude-skill-eval/moai-cc-mcp-plugins/Gen Agent Trust Hub

moai-cc-mcp-plugins

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill specifies the use of the Bash tool in its metadata and provides JSON templates that configure the execution of subprocesses via npx and python. This functionality is necessary for its stated purpose of managing MCP servers.
  • [PROMPT_INJECTION]: The skill implements a workflow that fetches external documentation and patterns via the mcp__context7__get-library-docs tool (documented in SKILL.md). This ingestion of external data constitutes an indirect prompt injection surface.
  • Ingestion points: SKILL.md (references to mcp__context7__get-library-docs fetching from /modelcontextprotocol/servers).
  • Boundary markers: No specific delimiters or instructions to ignore embedded commands were found in the provided snippets.
  • Capability inventory: The skill possesses the Bash, Write, Edit, and Glob tools, which could be leveraged if an injection occurs.
  • Sanitization: No explicit sanitization or validation of the fetched documentation is described.
  • [EXTERNAL_DOWNLOADS]: The skill references several external Node.js packages in SKILL.md and templates/settings-mcp-template.json (such as @anthropic-ai/mcp-server-github and @modelcontextprotocol/server-filesystem). These are sourced from well-known and trusted organizations, posing no inherent risk as referenced.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 01:06 AM