Skills
skills/ajbcoding/claude-skill-eval/moai-change-logger/Gen Agent Trust Hub

moai-change-logger

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface.
  • Ingestion points: Monitors file system modifications and Git repository activity (commits, branch history, and status) as described in SKILL.md.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded instructions are defined in the provided logic for processing file changes or git messages.
  • Capability inventory: The skill is permitted to use Bash, Write, WebSearch, and WebFetch tools.
  • Sanitization: No content sanitization or validation is indicated for data read from files or git logs before processing.
  • [COMMAND_EXECUTION]: The skill is granted Bash permissions and includes logic to track command history (track_command_history). This functionality creates a risk of logging sensitive data if shell commands containing secrets are captured in persistent audit trails.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 01:06 AM