moai-security-ssrf

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references an optional dependency, context7-mcp, which is used to interface with an external threat intelligence API at api.context7.ai. This service provides URL reputation scores to identify potentially malicious or internal infrastructure targets as part of its security functionality.
  • [DATA_EXFILTRATION]: The implementation examples demonstrate the transmission of target hostnames to api.context7.ai. This is a documented part of the threat intelligence gathering process and is restricted to the metadata required for performing reputation checks.
  • [PROMPT_INJECTION]: The skill includes code designed to process user-supplied URLs, which represents a surface for indirect prompt injection. However, it implements rigorous mitigation measures.
      • Ingestion points: The proxy_url parameter ingested via the request body in the examples.md middleware implementation.
      • Boundary markers: None specified for the raw input strings; the skill relies on programmatic validation rather than delimiter-based separation.
      • Capability inventory: The skill utilizes network-capable tools including node-fetch and the Python requests library.
      • Sanitization: Implements multi-layered sanitization, including strict protocol allowlisting (HTTP/HTTPS only), domain verification against allowlists, and deep validation of resolved IP addresses to block access to loopback, private ranges (RFC 1918), and cloud provider metadata services (169.254.169.254).
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 2, 2026, 05:15 PM