Skills
skills/jg-chalk-io/nora-livekit/moai-security-zero-trust/Gen Agent Trust Hub

moai-security-zero-trust

Warn

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of context7-mcp, a package originating from an unverified domain (context7.ai) that is not listed among trusted vendors or recognized well-known technology services.
  • [COMMAND_EXECUTION]: The skill frontmatter requests the Bash tool permission. This provides a high-privilege execution environment that could be misused if the agent processes malicious input, although no direct exploitation is present in the provided source code.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its architecture for processing external telemetry and policy data.
  • Ingestion points: The skill ingests untrusted device telemetry data via the device object in security/device-trust-assessment.js and network policy definitions in compliance/context7-policy-validator.js.
  • Boundary markers: There are no explicit delimiters or instructions provided to the agent to ignore potentially embedded instructions within these external data structures.
  • Capability inventory: The skill possesses extensive capabilities, including direct interaction with the Kubernetes cluster API via @kubernetes/client-node and access to the system Bash shell.
  • Sanitization: The provided examples lack explicit input validation, schema enforcement, or sanitization for the JSON-formatted data ingested from external sources.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 2, 2026, 05:15 PM