moai-session-info

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Employs the Bash tool to execute system diagnostic commands and Git operations for state retrieval.
  • [PROMPT_INJECTION]: Exhibits a surface for indirect prompt injection by processing untrusted data.
      • Ingestion points: Reads data from Git commit messages and SPEC files located in the .moai/specs/ directory.
      • Boundary markers: Does not implement specific delimiters or 'ignore' instructions to isolate ingested data from the agent's primary prompt.
      • Capability inventory: Possesses Bash, Read, and Glob capabilities which can be leveraged if an injection is successful.
      • Sanitization: Ingested content is not sanitized or validated before being presented in the session status report.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 1, 2026, 01:07 AM