moai-docs-linting
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection as it is designed to ingest and validate external markdown documentation.
  - Ingestion points: The agent is instructed to use the Read and Glob tools to load documentation content from the local filesystem for validation.
  - Boundary markers: The skill metadata and instructions contain no delimiters, and no instruction to ignore embedded prompts, that would keep the agent from accidentally executing instructions contained in the documents it lints.
  - Capability inventory: The agent is granted access to tools including WebFetch, Read, Glob, Grep, and mcp__context7__get-library-docs, which can be exploited if an injection is successful.
  - Sanitization: The skill documents no logic for sanitizing or filtering potential injection strings in the input markdown files.
- [COMMAND_EXECUTION]: The skill provides patterns for executing local Python scripts to automate linting processes.
  - Evidence: Integration examples in Section 4 show the execution of scripts located in the .moai/scripts/ directory via python3. These are identified as internal vendor resources for the moai-docs-linting framework.