moai-component-designer
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its operational model.
  - Ingestion points: The skill is designed to process user-supplied component requirements, architectural constraints, and design tokens in SKILL.md.
  - Boundary markers: Absent. There are no instructions for the agent to distinguish between its core logic and instructions that might be embedded within user-provided data.
  - Capability inventory: The skill is granted access to Bash, WebFetch, and Read tools, which could be misused if the agent is tricked into executing commands hidden in user designs.
  - Sanitization: None provided. The skill lacks a framework for validating or escaping user-provided input before it influences tool execution or code generation.
- [COMMAND_EXECUTION]: The skill requests access to the Bash tool. Although no malicious scripts are present in the provided files, the combination of shell access with a design-generation workflow increases the risk of command injection if the agent interprets user input as instructions.
- [EXTERNAL_DOWNLOADS]: The skill references numerous trusted and well-known resources, including official documentation for React, Vue, Svelte, and WCAG standards. These references are used legitimately to provide authoritative guidance for component development.
Audit Metadata