moai-security-threat

Warn

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill's code snippets in SKILL.md and examples.md reference the context7-mcp and modsecurity Node.js packages. These are not part of the predefined trusted organization or well-known service lists, making them unverifiable dependencies.
  • [COMMAND_EXECUTION]: The skill metadata explicitly requests the Bash tool. While the provided examples use it for logging, the permission allows for the execution of arbitrary shell commands on the host system, which could be used for persistence or privilege escalation if misused.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its architecture for processing external data.
      • Ingestion points: Untrusted data enters the agent's context through HTTP request arguments and external threat alerts processed by the ModSecurityWAF and AlertCorrelator classes.
      • Boundary markers: There are no boundary markers or 'ignore' instructions implemented to prevent the agent from obeying instructions embedded within the security alerts or web requests it analyzes.
      • Capability inventory: The skill possesses high-level capabilities, including Bash for command execution and WebFetch for network operations.
      • Sanitization: The provided logic demonstrates detection patterns (such as regexes for SQLi) but lacks sanitization or escaping of the input data before it is handled by the correlation engine or potential downstream tools.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 1, 2026, 01:07 AM