moai-design-craft
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [SAFE]: The skill is composed entirely of markdown instructional modules and does not include any executable scripts, binaries, or automated code execution patterns.
- [SAFE]: Platform configuration in the skill's metadata restricts tool usage to
Read,Grep, andGlob, which prevents the agent from performing destructive file edits, executing shell commands, or making external network requests. - [NO_CODE]: As the skill contains no source code or scripts (e.g., Python, Node.js, Shell), it avoids common attack vectors related to remote code execution or malicious package dependencies.
- [SAFE]: The 'design memory' protocol manages project documentation within the local
.moai/directory, which is consistent with the skill's stated purpose and does not involve accessing sensitive system files or credentials.
Audit Metadata