moai-cc-subagent-lifecycle
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill patterns involve reading local configuration (.moai/config.json) and memory files (.claude/memory.md) to establish subagent context. This data is used locally for task execution and session persistence. No network exfiltration or hardcoded credentials were identified.
- [COMMAND_EXECUTION]: The skill metadata enables the Bash tool for the subagent. This capability is intended for executing development tasks like TDD cycles as described in the code snippets.
- [INDIRECT_PROMPT_INJECTION]: The architecture demonstrates context loading from local spec files. While this establishes a surface for indirect instructions, the skill defines a management framework where such ingestion is the intended function for project-specific subagents. Evidence: 1. Ingestion points: .moai/specs/ files; 2. Boundary markers: Absent; 3. Capability inventory: Bash tool; 4. Sanitization: Absent.
Audit Metadata