moai-domain-security
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references downloading security tools from well-known sources. It includes instructions to pull the 'owasp/zap2docker-stable' Docker image and install the 'safety' and 'bandit' Python packages for vulnerability scanning.
- [COMMAND_EXECUTION]: The skill provides patterns for the automated execution of security tools via Bash. Examples include executing Docker-based web scanners and Python static analysis tools within a CI/CD pipeline context.
- [PROMPT_INJECTION]: The skill defines application middleware that processes external data from web requests, which creates an indirect prompt injection surface.
  1. Ingestion points: The skill processes data from 'request.form' and 'request.headers' in 'SKILL.md'.
  2. Boundary markers: No boundary markers or 'ignore' instructions are used to distinguish untrusted data from system instructions.
  3. Capability inventory: The skill utilizes 'Bash' and 'WebFetch', providing a pathway for potential exploitation if malicious instructions are processed.
  4. Sanitization: SQL injection detection is performed using regex, but the logic does not sanitize natural language instructions.
Audit Metadata