moai-jit-docs-enhanced
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and process information from various external web sources.\n
- Ingestion points: Data enters the agent's context through
WebFetchandWebSearchtools, which retrieve content from official documentation, community platforms, and general web results.\n - Boundary markers: No specific delimiters or instructions are defined to isolate untrusted web content from the agent's primary instructions.\n
- Capability inventory: The skill possesses capabilities for file reading (
Read,Glob) and network interactions (WebFetch,WebSearch).\n - Sanitization: There is no evidence of content sanitization or validation logic to identify or neutralize malicious instructions embedded in the external documentation.\n- [DATA_EXFILTRATION]: The skill integrates local project documentation with web-based search capabilities. While intended for finding relevant info, there is a risk that project-specific details could be inadvertently leaked to external search engines or websites if they are included in search queries generated by the agent during the document discovery process.
Audit Metadata