moai-security-compliance
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references several third-party Node.js packages and external APIs to facilitate compliance monitoring.
  - It utilizes the drata-api for integration with Drata, a compliance automation service.
  - It utilizes context7-mcp, which is an external dependency for regulatory framework checks.
- [COMMAND_EXECUTION]: The skill's configuration in SKILL.md explicitly enables the Bash tool. While no bash scripts are provided in the analyzed files, this permission provides the agent with a powerful capability to execute shell commands on the host environment.
- [PROMPT_INJECTION]: The skill processes external data for classification (PII, PHI, payment data) and logging, creating a surface for indirect prompt injection.
  - Ingestion points: DataClassifier.classify() and AuditLogger.logDataAccess() ingest potentially untrusted data fields for analysis and logging in SKILL.md and examples.md.
  - Boundary markers: The processing logic does not implement boundary markers or instructions to disregard embedded commands in the data streams.
  - Capability inventory: The skill possesses capabilities for file system reads (fs.readFile), database deletions (db.users.deleteOne), and network operations via AWS and Drata APIs.
  - Sanitization: Data classification relies on regex patterns (/email|phone|address/) and uses JSON.stringify(), but lacks sanitization to prevent the agent from interpreting instructions contained within the data values.
Audit Metadata