moai-security-compliance

The skill is provisioned to support regulatory compliance workflows (classification, auditing, erasure, retention, and evidence collection) in a coherent manner. It is not inherently malicious; however, several implementation gaps and hardcoded assumptions create risk if deployed without proper configuration and safeguarding (e.g., ensuring secure handling of PII/PHI, robust error handling, explicit access controls for logs, and complete wiring of external integrations). Overall, the security posture is SUSPICIOUS to MEDIUM-risk due to potential data exposure surfaces and incomplete integration logic that could lead to inconsistent data handling if misconfigured.