moai-design-tools

Warn

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): Documentation recommends using 'npx -y' to execute servers from the @modelcontextprotocol scope, which is not included in the trusted source whitelist.
  • PROMPT_INJECTION (LOW): Surface for indirect prompt injection through processing of external design files.
      1. Ingestion points: Figma file metadata, component trees, and DNA codes fetched from external design tools.
      2. Boundary markers: Absent in the documentation and prompt guidance.
      3. Capability inventory: Access to 'Bash', 'Write', and 'Edit' tools provides a high-impact exploitation surface.
      4. Sanitization: No data sanitization or input validation logic is present.
  • COMMAND_EXECUTION (LOW): Documentation includes executable Bash patterns for token export and version control, and the skill is granted 'Bash' permissions.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 20, 2026, 04:11 PM