moai-lang-php
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
PROMPT_INJECTION, NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill configuration permits the agent to read local files and fetch data from the web, which creates a significant surface for indirect prompt injection when combined with the allowed terminal (Bash) tool.
  - Ingestion points: Read (read_file), WebFetch, and WebSearch tools are explicitly permitted.
  - Boundary markers: The skill does not provide instructions to the agent to treat external data as untrusted or to use delimiters when processing file or web content.
  - Capability inventory: The agent is authorized to use a terminal (Bash) for command execution, posing a risk if instructions are injected into read data.
  - Sanitization: There is no evidence of validation or sanitization logic to filter instructions from data retrieved via WebFetch or file reads.
- [NO_CODE]: No executable script files (e.g., .py, .js, .sh) are provided in the skill package. The current analysis is based on the permissions and documentation provided in the markdown files.