Skills
skills/jg-chalk-io/nora-livekit/moai-lang-html-css/Gen Agent Trust Hub

moai-lang-html-css

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Potential surface for Indirect Prompt Injection because the skill enables the agent to ingest external data and execute commands.
  • Ingestion points: The WebSearch and WebFetch tools defined in the SKILL.md frontmatter allow the agent to retrieve content from external websites.
  • Boundary markers: No explicit boundary markers or instructions are provided to the agent to help it distinguish between its own instructions and potentially malicious instructions embedded in external data.
  • Capability inventory: The Bash tool is enabled, granting the agent the ability to execute shell commands based on its interpretations of ingested content.
  • Sanitization: The skill does not provide any mechanisms or instructions for sanitizing, validating, or escaping external content before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 2, 2026, 05:14 PM