moai-core-clone-pattern
Warn
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill requests and utilizes the Bash tool to perform complex, multi-step tasks across the codebase.
  - Evidence: SKILL.md lists Bash in allowed-tools.
  - Evidence: examples.md describes clones executing migrations and refactoring involving file modifications.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted user data and passes it to autonomous clones with high-privilege tools.
  - Ingestion points: examples.md shows processing UserRequest objects in autonomous clones.
  - Boundary markers: No delimiters or protective instructions are used to separate user data from task logic.
  - Capability inventory: Includes Bash, Read, and Task tools, the latter of which allows for recursive agent spawning and independent execution with inherited permissions.
  - Sanitization: No sanitization or validation of the input payload is described before task delegation.
Audit Metadata