Skills
skills/modu-ai/cc-plugins/moai-lang-rust/Gen Agent Trust Hub

moai-lang-rust

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Full Analysis
  • [Prompt Injection] (SAFE): No instructions were found that attempt to override agent constraints, bypass safety filters, or extract system prompts.
  • [Data Exposure & Exfiltration] (SAFE): No sensitive file paths (e.g., SSH keys, AWS credentials) are accessed. The skill correctly recommends using environment variables for sensitive configuration like 'DATABASE_URL'.
  • [Obfuscation] (SAFE): No evidence of Base64 encoding, zero-width characters, homoglyphs, or other obfuscation techniques designed to hide malicious intent.
  • [Unverifiable Dependencies] (SAFE): The skill references standard, reputable crates from the Rust ecosystem (axum, tokio, sqlx, serde, thiserror, clap). No untrusted remote scripts or installers are utilized.
  • [Indirect Prompt Injection] (LOW): The skill defines an attack surface by allowing the agent to fetch external library documentation.
  • Ingestion points: Uses 'mcp__context7__get-library-docs' to pull content from external GitHub repositories.
  • Boundary markers: No specific delimiters or 'ignore' instructions are defined for the ingested documentation content.
  • Capability inventory: The skill is restricted to read-only tools ('Read', 'Grep', 'Glob') and documentation helpers. It lacks capabilities for file writing, network exfiltration, or arbitrary command execution.
  • Sanitization: No explicit sanitization of external documentation is described.
  • [Privilege Escalation] (SAFE): No use of 'sudo', 'chmod 777', or other commands that attempt to elevate system privileges.
Recommendations
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 11:05 AM