moai-domain-ml

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFE

Tags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [UNVERIFIABLE_DEPENDENCIES]: The skill specifies library versions in SKILL.md and examples.md (e.g., PyTorch 2.9.0, TensorFlow 2.20.0, Scikit-learn 1.7.2) that are not currently released in official registries. This poses a risk of dependency confusion or malicious package takeover if an attacker registers these versions.
  • [DYNAMIC_EXECUTION]: The code templates demonstrate unsafe deserialization of model files, which can lead to arbitrary code execution.
    • Evidence: the use of joblib.load() in examples.md and mlflow.pyfunc.load_model() in SKILL.md. These are standard ML practices but are flagged as risky when handling untrusted files.
  • [INDIRECT_PROMPT_INJECTION]: The skill defines several ingestion points for untrusted data that could be used for indirect prompt injection.
    • Ingestion points: MlDataProcessor.load_data in examples.md (CSV ingestion) and the FastAPI endpoints in SKILL.md (JSON prediction requests).
    • Boundary markers: no delimiters or isolation instructions are included in the prompt-related logic.
    • Capability inventory: the skill is granted high-privilege tools including Bash, Write, and WebFetch.
    • Sanitization: there is no evidence of sanitization or filtering to prevent embedded instructions from influencing the agent's behavior during data processing.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 2, 2026, 05:15 PM