moai-security-identity
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as an educational and implementation guide for Single Sign-On (SSO) protocols, containing legitimate code examples for SAML 2.0 and OIDC.
- [EXTERNAL_DOWNLOADS]: All external references target official documentation (OASIS, OpenID Foundation, IETF) and standard Node.js authentication libraries from the npm registry. These sources are well-known and trusted for identity management.
- [CREDENTIALS_UNSAFE]: No hardcoded secrets, API keys, or private certificates were found. The implementation patterns correctly demonstrate fetching sensitive configuration from environment variables and secure local files.
- [COMMAND_EXECUTION]: Although the skill specifies 'Bash' as an allowed tool, it does not include any scripts that execute arbitrary commands; the provided code snippets are for application-level authentication logic.
- [PROMPT_INJECTION]: No instructions were detected that attempt to override agent safety guidelines or bypass behavioral constraints.