moai-streaming-ui
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill code consists entirely of documentation and template examples for visual feedback components. No executable malicious code or dangerous commands were found.\n- [PROMPT_INJECTION]: The skill defines templates that interpolate dynamic external data for display purposes.\n
- Ingestion points: Data enters the agent's context through variables such as file_path, error, and result.summary within UI components.\n
- Boundary markers: The templates do not currently implement specific delimiters or 'ignore' instructions for the interpolated data.\n
- Capability inventory: The skill frontmatter lists Bash, Read, and Write as allowed tools, which represent a significant capability set if an injection were to occur via the UI messages.\n
- Sanitization: No explicit input validation or escaping mechanisms are described for the dynamic strings before display.
Audit Metadata