moai-workflow-templates

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Finding categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill possesses a significant Indirect Prompt Injection surface where untrusted data can influence agent actions.
      • Ingestion points: User input via the /moai:9-feedback command (modules/feedback-templates.md) and file content from the .moai-backups/ directory (modules/template-optimizer.md).
      • Boundary markers: Absent; user-provided strings and backup content are interpolated into issue templates and project files without delimiters.
      • Capability inventory: Automated GitHub issue creation (external write) and modification of local project code via apply_customizations (file write).
      • Sanitization: No evidence of content escaping, validation, or filtering for external content before it is used to generate or modify code.
  • [COMMAND_EXECUTION] (MEDIUM): The restore_from_backup and smart_merge functions perform file system modifications based on the contents of extracted customizations.
      • Evidence in modules/template-optimizer.md shows the skill extracts content from backup files and applies it to the current project. This mechanism could be exploited to overwrite critical files or inject malicious persistence scripts if an attacker can manipulate the backup data or metadata.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 09:15 AM