moai-library-shadcn
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No instructions attempting to override agent behavior or bypass safety filters were found. The content is strictly technical documentation.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file paths, or unauthorized network operations were identified.
- Obfuscation (SAFE): No Base64, zero-width characters, or other encoding techniques intended to hide malicious content were detected.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill references standard, well-known libraries such as React, Tailwind CSS, and TanStack Table. No remote script execution patterns (e.g., curl | bash) were found.
- Privilege Escalation (SAFE): No commands involving sudo, chmod, or administrative privilege acquisition were detected.
- Persistence Mechanisms (SAFE): No attempts to modify shell profiles, cron jobs, or startup services were found.
- Metadata Poisoning (SAFE): Metadata fields are descriptive and free of hidden instructions.
- Indirect Prompt Injection (SAFE): The skill defines UI component structures and does not ingest untrusted data for command execution. Standard React escaping provides inherent protection for the patterns shown.
- Time-Delayed / Conditional Attacks (SAFE): No logic gating malicious behavior based on time or environment was found.
- Dynamic Execution (SAFE): The use of React.lazy and dynamic imports follows standard performance best practices and does not involve unsafe code generation or deserialization.