moai-core-practices
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill consists of documentation and behavioral guidelines designed to optimize agent performance in software development environments. It does not include executable script files or suspicious logic.
- [COMMAND_EXECUTION]: The skill defines patterns for using the Bash tool to perform repository analysis and project management tasks (e.g., find, git diff, wc). These commands are standard for the intended use case and are used in a controlled, prescriptive manner.
- [PROMPT_INJECTION]: The skill describes workflows where user input is used to create feature specifications and implementation plans. While this is an ingestion point for external data, the recommended use of human-in-the-loop clarification (AskUserQuestion) and structured specification documents (EARS) serves as a logical mitigation against the direct execution of malicious user prompts.
- Ingestion points: User requests for feature implementations and bug fixes (Scenario 1, Scenario 4).
- Boundary markers: Use of formal SPEC documents and TDD cycles to gate code generation.
- Capability inventory: Bash, WebFetch, Read, and Glob tools.
- Sanitization: No explicit programmatic sanitization is defined in the documentation, but the workflow emphasizes requirements clarification and testing as validation steps.
Audit Metadata