moai-learning-optimizer
Warn
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: MEDIUM
PROMPT_INJECTION
COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a significant attack surface for Indirect Prompt Injection by processing untrusted data.
- Ingestion points: The skill ingests untrusted data through the `learn_from_session` and `adapt_responses` methods, which analyze interaction history and user feedback.
- Boundary markers: No delimiters or explicit instructions to ignore embedded commands are present in the logic for processing session data.
- Capability inventory: The skill has access to high-privilege tools including `Bash`, `Write`, `Glob`, `Grep`, and `Read`.
- Sanitization: There is no evidence of input validation or escaping of external content before it is used to influence system logic.
- [COMMAND_EXECUTION]: The skill utilizes dynamic execution patterns to modify its own behavior and the agent environment.
- Execution method: Functions like `implement_evolution_step`, `deploy_knowledge_updates`, and `implement_optimization` suggest the runtime application of logic or configurations derived from patterns learned from user data.
- Risk factor: The combination of runtime-determined behavior with the `Bash` and `Write` tools creates a pathway for arbitrary command execution and unauthorized system modification if learning signals are subverted.
Audit Metadata