moai-essentials-review
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a vulnerability surface for indirect prompt injection (Category 8) by processing untrusted external data in conjunction with sensitive tool capabilities.
- Ingestion points: The skill ingests arbitrary code content from the local filesystem using
ReadandGlobtools as part of its multi-phase review process. - Boundary markers: There are no defined delimiters or specific instructions provided to the agent to treat the contents of the reviewed code as data rather than instructions.
- Capability inventory: The skill is granted
Bashpermissions to execute CLI tools (such as linters and security scanners) andWebFetchfor network access, which could be triggered by malicious instructions embedded in the code being reviewed. - Sanitization: No sanitization, escaping, or validation mechanisms are mentioned to filter or neutralize potentially malicious prompt segments within the source files.
Audit Metadata