moai-domain-testing
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues were detected. The skill serves as a comprehensive reference for quality assurance and enterprise testing practices.
- [PROMPT_INJECTION]: No direct prompt injection or safety bypass instructions were found. The skill processes project files for testing, creating a potential indirect prompt injection surface which is considered safe given the skill's context as a developer tool. Ingestion points: Test suites and source code files (e.g., tests/, e2e/). Boundary markers: None. Capability inventory: High-privilege access via Bash and Read tools. Sanitization: Not applicable to static testing templates.
- [DATA_EXFILTRATION]: No evidence of hardcoded credentials, sensitive file path access, or unauthorized external data transmission. Network references target localhost or official package and documentation domains.
- [REMOTE_CODE_EXECUTION]: The skill does not perform unauthorized remote code execution. Package installation and code execution examples involve standard testing tools and official repositories.
- [COMMAND_EXECUTION]: The skill defines legitimate use of the Bash tool for executing test suites (e.g., pytest, npm run), which aligns with its primary purpose as a testing framework.
- [EXTERNAL_DOWNLOADS]: External references are limited to official documentation and well-known package registries (PyPI, NPM). No downloads from untrusted or malicious sources were identified.
Audit Metadata