moai-domain-database

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill metadata in SKILL.md allows the use of Bash(npm:*) and Bash(npx:*). This configuration permits the agent to download external packages from the npm registry.
  • REMOTE_CODE_EXECUTION (MEDIUM): Permission to use npx allows for the direct execution of remote scripts and binaries, representing a significant risk if the agent is manipulated into running untrusted third-party tools.
  • COMMAND_EXECUTION (LOW): The skill allows access to several database CLI tools (psql, mysql, sqlite3, mongosh, redis-cli, prisma). While restricted to database operations, these tools provide a broad interface for interacting with database servers and local environments.
  • PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8).
      • Ingestion points: Untrusted data is ingested from PostgreSQL, MongoDB, Oracle, and Redis query results as described in the modules/ directory.
      • Boundary markers: Absent; there are no instructions or delimiters to distinguish between data and commands within the database outputs.
      • Capability inventory: The agent has high permissions including Bash (for database and package tools), Write, and Edit file system access.
      • Sanitization: Absent; the skill does not specify any methods for escaping or validating database content before processing.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:29 PM