moai-core-context-budget
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is primarily documentation-based, offering best practices for efficient token usage. It does not contain malicious code, network exfiltration patterns, or obfuscated content.
- [PROMPT_INJECTION]: No evidence of instructions intended to bypass safety filters or override system prompts was found. While the skill interacts with user-controlled codebase files (a common ingestion surface), it does not provide methods to bypass the agent's internal guardrails.
- [REMOTE_CODE_EXECUTION]: No external scripts or packages are downloaded or executed. Code snippets provided, such as the TokenBudgetTracker class, are static educational examples for local token estimation.
- [DATA_EXFILTRATION]: No network operations or hardcoded credentials were detected. The skill operates within the local file context as intended for development assistance.
- [COMMAND_EXECUTION]: While the skill permits the use of the Bash tool for file management tasks (e.g., archiving logs), it does not provide any pre-written malicious commands or dangerous subprocess calls.
Audit Metadata