moai-domain-backend
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill exhibits a significant vulnerability surface by combining external data ingestion with high-privilege tools.
- Ingestion points: Interacts with external libraries and documentation via
mcp__context7__get-library-docs. - Capability inventory: Includes
Bash,Write, andEdittools, allowing for system-level command execution and file manipulation. - Sanitization: There are no defined boundary markers or sanitization protocols to prevent the agent from obeying malicious instructions embedded in external technical docs or API specifications.
- [Command Execution] (MEDIUM): The skill is granted access to the
Bashtool. While relevant for a backend specialist, this capability maximizes the blast radius of any successful prompt injection, potentially allowing for remote code execution if the agent is manipulated while processing untrusted input.
Recommendations
- AI detected serious security threats
Audit Metadata