moai
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill invokes standard development utilities such as git, gh, mypy, eslint, and pytest. These executions are essential for its purpose as a development ADK and are triggered by user-invoked workflows.
- DATA_EXFILTRATION (SAFE): No unauthorized data transfer detected. The feedback workflow uses the official GitHub CLI to submit user-approved issues to the project's public repository.
- PROMPT_INJECTION (SAFE): Instructions follow a logical orchestration pattern without any attempts to bypass safety filters or extract system prompts.
- INDIRECT_PROMPT_INJECTION (LOW):
  - Ingestion points: Processes user-provided text through the feedback.md and plan.md workflows.
  - Boundary markers: Uses AskUserQuestion for interactive input collection, which provides a natural sanitization layer, though explicit XML delimiters for data interpolation are not shown.
  - Capability inventory: Access to GitHub issue creation, file modification (via subagents), and Git branch management.
  - Sanitization: The workflow relies on specialized subagents (e.g., manager-quality, manager-spec) to validate and structure the data before use.
Audit Metadata