moai-core-workflow

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill requests the Bash tool permission in its SKILL.md frontmatter. This capability is intended for executing workflow tasks, such as running build scripts or implementation commands, which is consistent with its stated purpose as a workflow orchestrator.
  • [EXTERNAL_DOWNLOADS]: Documentation in reference.md provides configuration examples for MCP servers from trusted organizations, specifically @anthropic-ai/mcp-server-github (Anthropic) and @upstash/context7-mcp (Upstash). These are legitimate, well-known integrations for repository management and code examples.
  • [PROMPT_INJECTION]: The skill defines templates that ingest untrusted external data, such as pull request URLs and error logs (seen in examples.md). This establishes an ingestion surface for indirect prompt injection; however, the skill's design incorporates validation stages and quality gates (e.g., the quality-gate agent) to mitigate accidental instruction obedience.
  • [DATA_EXFILTRATION]: The utility script scripts/spec_status_hooks.py accesses project-specific configuration and logs within the local .moai directory. These operations are confined to the project workspace and do not involve access to sensitive system files like SSH keys or environment variables.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 2, 2026, 05:14 PM