moai-cc-memory

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE (PROMPT_INJECTION, NO_CODE)
Full Analysis
  • [PROMPT_INJECTION]: The skill defines a framework for processing external session data which creates a vulnerability surface for indirect prompt injection.
      • Ingestion points: The file templates/session-summary-template.md provides structure for ingesting untrusted external data such as task descriptions and key insights.
      • Boundary markers: The templates lack explicit delimiters or instructions to treat ingested content as untrusted data or to ignore embedded commands.
      • Capability inventory: The SKILL.md file specifies that the agent is allowed to use powerful tools including Bash, Read, and Grep while managing this context.
      • Sanitization: No sanitization or validation logic is present to filter or escape instructions that may be hidden in the data used to populate the session summary.
  • [NO_CODE]: The skill package is composed entirely of Markdown documentation and templates. No executable scripts, source code, or binaries are provided.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 01:06 AM