moai-core-proactive-suggestions

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill is configured with the Bash tool to facilitate operations like database backups (e.g., pg_dump), test suite execution (e.g., pytest), and batch refactoring scripts. Evidence in 'examples.md' indicates these commands are proposed to the user for explicit approval rather than executed autonomously in the background.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes untrusted data (user-provided code and command history) to generate its suggestions.
      • Ingestion points: Reads code files and monitors user behavior patterns (identified in SKILL.md and examples.md).
      • Boundary markers: No explicit delimiter or 'ignore instructions' markers are defined in the provided file content to isolate the analyzed code from the agent's logic.
      • Capability inventory: Includes the 'Read' and 'Bash' tools, allowing the agent to view files and execute system commands based on its analysis.
      • Sanitization: The skill documentation does not specify sanitization or validation routines for external content prior to analysis. While this presents a theoretical surface for injection, it is considered a low-risk factor inherent to the skill's primary function of code analysis.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 2, 2026, 05:14 PM