moai-foundation-specs
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
PROMPT_INJECTION, NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill defines a workflow for reading and acting upon external specification files (e.g., spec.md) which may be user-provided or from untrusted sources. The lack of boundary markers or specific 'ignore instructions' directives for these files, combined with the agent's access to the Bash tool, creates a surface for indirect prompt injection.
  - Ingestion points: specification markdown files in .moai/specs/.
  - Boundary markers: None present.
  - Capability inventory: Access to Read, Write, Bash, Grep, and Glob tools.
  - Sanitization: No sanitization of specification content before processing.
- [NO_CODE]: The skill is composed entirely of markdown documentation (SKILL.md, examples.md, reference.md) and does not include any executable scripts or binary files.
Audit Metadata