moai-document-processing
Audited by Socket on Mar 2, 2026
2 alerts found:
Security (2 alerts):

1. No explicit malicious code found in the provided fragment (no hard-coded attacker endpoints, reverse shells, or obfuscated payloads). Primary risks are operational: potential data exfiltration and prompt/injection attacks due to frequent external Context7 calls and broad agent capabilities (Bash, WebFetch, Read/Write/Edit) combined with absence of shown sanitization, access controls, or human-approval gates. Recommend enforcing least-privilege (remove or restrict Bash/WebFetch/Read where not required), validate and schema-check Context7 responses before consumption, redact or prevent uploading full documents and local configs to external services, add explicit human approval and audit logging for any outbound transfers or shell executions, and verify provenance of transitive moai dependencies.

2. The skill is coherent with its stated purpose: AI-driven document processing augmented by Context7 pattern lookups. I found no direct malicious code, hardcoded secrets, or download-execute supply-chain patterns in the provided text. Principal risks are operational: opaque external API calls to Context7 (implementation and endpoints not shown) and broad allowed-tools (Bash, WebFetch, Read/Write) that expand the attack surface when the skill is loaded into an agent. Recommend verifying the Context7 client implementation and authentication, adding explicit PII/data redaction safeguards, and limiting runtime tool permissions to the minimum necessary in production.