moai-library-nextra

Pass

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: SAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
  • [Command Execution] (LOW): The file modules/framework-core-configuration.md includes a build optimization script using child_process.execSync to perform file system cleanup (e.g., rm -rf .next) and trigger search indexing. These are standard patterns in JS build pipelines.
  • [External Downloads] (LOW): The skill suggests installing global CLI tools such as vercel and netlify-cli from the npm registry. These are trusted tools from established organizations (Vercel, Netlify).
  • [Indirect Prompt Injection] (LOW): The skill processes MDX files from the local file system, which creates a surface for indirect instructions to be processed by the agent.
      • Ingestion points: Files in the pages/ directory read via fs.readFile in modules/advanced-patterns.md.
      • Boundary markers: Uses standard MDX and YAML frontmatter delimiters (---).
      • Capability inventory: File system access (fs.readFile) and command execution (execSync).
      • Sanitization: No explicit sanitization or instruction-ignoring logic is shown for the content processing pipeline.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 20, 2026, 04:11 PM