moai-cc-skills
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE (PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [PROMPT_INJECTION]: The 'Progressive Disclosure System' and 'Keyword-Based Activation' patterns described in `reference.md` enable skill loading based on conversation context. This architecture creates a surface for indirect prompt injection where untrusted data from a conversation can trigger the activation of specific internal skills.
  - Ingestion points: User conversation history and specific keywords (e.g., 'authentication', 'user management') as specified in the activation logic within `reference.md`.
  - Boundary markers: The documentation does not define delimiters or instructions to ignore embedded commands within the conversation context used for activation.
  - Capability inventory: The skill metadata in `SKILL.md` defines requirements for `Read`, `Bash`, and `Glob` tools.
  - Sanitization: No mechanisms for sanitizing or validating conversation input are described before it triggers skill activation.
- [EXTERNAL_DOWNLOADS]: The `reference.md` file contains references to official documentation and guidelines from well-known technology and academic organizations, including the Google Developer Documentation Style Guide, the OpenAPI Specification, and Stanford University's Knowledge Systems Lab.
Audit Metadata