moai-project-config-manager
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a legitimate administrative tool for MoAI projects, focusing on structured management of configuration data in the local filesystem.
- [PROMPT_INJECTION]: No instructions were detected that attempt to bypass agent safety guidelines, extract system prompts, or override core behaviors.
- [DATA_EXFILTRATION]: All file operations are restricted to the .moai/ directory. There are no network requests, non-whitelisted domain access, or patterns indicating credential harvesting.
- [COMMAND_EXECUTION]: While the skill has Bash access, it is used exclusively for standard maintenance and running the provided local validation script (validate.py). No obfuscated or high-risk command patterns (e.g., privilege escalation) were found.
- [REMOTE_CODE_EXECUTION]: The skill does not perform external downloads or execute code from remote URLs. All scripts are provided locally and operate on well-defined local schemas.
- [SAFE]: The skill documentation includes proactive security guidance, such as advising the use of .gitignore for backups and setting restrictive file permissions (644/755).
Audit Metadata