moonkite-maliang
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill uses standard markdown and reference files to provide its functionality. The persona instructions are focused on guiding the user through a creative process without requesting elevated privileges or external access.
- [PROMPT_INJECTION]: The skill processes user-supplied text for themes, creating an indirect prompt injection surface. 1. Ingestion points: User input for initial ideas and follow-up questions in Phase 1 and 3 of SKILL.md. 2. Boundary markers: The final output follows the UMPF structured modular format, though interactive steps lack explicit delimiters. 3. Capability inventory: No file-write, network, or subprocess capabilities identified in any script. 4. Sanitization: No sanitization of user-provided content is performed. Given the lack of dangerous capabilities, this surface is considered low risk.
Audit Metadata