moai-platform-appintoss
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No instructions attempting to override agent behavior or bypass safety guidelines were detected in the skill markdown or examples.
- Data Exposure & Exfiltration (SAFE): The skill uses placeholders like 'NPM_TOKEN', 'YOUR_API_KEY_HERE', and '복호화키' for sensitive information in its documentation and configuration files. No real credentials or sensitive local file access patterns were found.
- Obfuscation (SAFE): No malicious obfuscation was detected. Some standard Base64 encoding is present in Yarn SDK wrapper scripts, which is typical for development toolchains.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The examples reference standard, well-known packages from the npm registry. Installation and build commands provided in the READMEs are standard for modern web and mobile development (e.g., yarn install, npm run dev).
- Privilege Escalation (SAFE): No commands were found that attempt to acquire elevated permissions (e.g., sudo, chmod 777).
- Persistence Mechanisms (SAFE): No attempts to establish persistent access across sessions were identified.
- Indirect Prompt Injection (SAFE): While the skill describes handling user data like contacts and login info, it does not include instructions that would lead an agent to insecurely interpolate untrusted data into its own command context.
- Dynamic Execution (SAFE): No unsafe dynamic execution patterns (like eval() on remote strings or pickle.load on network data) were found. Use of require() and module.exports is standard for the project type.
Audit Metadata