moai-readme-expert

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFE (PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its project analysis feature.
      • Ingestion points: The ProjectAnalyzer class in SKILL.md reads untrusted files like package.json, requirements.txt, and Cargo.toml.
      • Boundary markers: There are no delimiters or warnings to prevent the agent from following instructions embedded in these files.
      • Capability inventory: The skill has Bash, Write, and WebFetch tools.
      • Sanitization: Data is extracted and directly interpolated into README templates without validation or escaping.
  • [EXTERNAL_DOWNLOADS]: The skill generates markdown badges referencing well-known services such as img.shields.io, GitHub, Travis CI, and GitLab. These are standard documentation practices and use trusted domains for status visualization.
  • [COMMAND_EXECUTION]: The skill's metadata allows the use of the Bash tool, and its templates include common installation commands (e.g., npm install, pip install). While intended for documentation, this tool access represents a broad permission set that should be monitored during the agent's execution of analysis or generation tasks.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 2, 2026, 05:15 PM