moai-baas-auth0-ext
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses appropriate placeholders like 'your-management-client-secret' and 'your-domain' in all code snippets, preventing accidental exposure of real credentials.
- [EXTERNAL_DOWNLOADS]: The skill fetches documentation from Auth0 and Context7 using the WebFetch tool and mcp__context7__get-library-docs. These are recognized as well-known or vendor-appropriate services for the skill's stated purpose.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection vulnerability surface through the ingestion of external documentation and web content.
- Ingestion points: WebFetch and mcp__context7__get-library-docs tools are used to pull external documentation into the agent context.
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the provided snippets.
- Capability inventory: The skill has access to powerful tools including Bash, Write, and Edit.
- Sanitization: No sanitization or validation logic for the external content is shown in the provided implementation examples.
Audit Metadata