moai-docs-validation
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes local Python automation scripts (python3 .moai/scripts/validate_docs.py) for documentation auditing and CI/CD integration.
- [EXTERNAL_DOWNLOADS]: Uses WebFetch and Context7 MCP tools to retrieve documentation from external sources and libraries for validation purposes.
- [PROMPT_INJECTION]: Indirect Prompt Injection surface detected due to processing of untrusted markdown files. 1. Ingestion points: Documentation content ingested via Read, Glob, WebFetch, and MCP tools. 2. Boundary markers: No delimiters or explicit instructions to ignore embedded commands are present in the validation logic. 3. Capability inventory: Access to subprocess execution (python3) and network operations (WebFetch). 4. Sanitization: The provided logic patterns do not include sanitization or escaping of external content before processing.
Audit Metadata