moai-security-zero-trust

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [METADATA_POISONING]: The skill uses self-assigned safety metrics such as 'Trust Score: 9.9/10' and 'Enterprise Mode' in its metadata, which may mislead users or agents regarding its verified safety status.
  • [INDIRECT_PROMPT_INJECTION]: The skill's architecture, which processes external inputs while requesting high-privilege tool access, creates an attack surface for indirect prompt injection.
      • Ingestion points: Processes untrusted device telemetry (deviceInfo) and network policy definitions (policy objects).
      • Boundary markers: The provided templates contain no delimiters around external input and no instructions to ignore commands embedded in it.
      • Capability inventory: Requests access to sensitive tools including 'Bash', 'WebFetch', 'WebSearch', and 'Read'.
      • Sanitization: No sanitization or verification logic is shown for external input before it is used in logic or potential tool calls.
  • [COMMAND_EXECUTION]: The skill configuration requests access to the 'Bash' tool; combined with the lack of input sanitization in ingestion points, this creates a risk of command injection if the agent attempts to automate the provided logic.
  • [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: The code references 'context7-mcp', an external package not included in the trusted vendors list, which is used for network policy validation.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 01:07 AM