Skills
skills/modu-ai/moai-adk/moai-design-tools/Gen Agent Trust Hub

moai-design-tools

Pass

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches and executes project initialization presets from shadcn's official domain via the bunx command.
  • [COMMAND_EXECUTION]: Instructs the agent to perform shell operations for project setup and official plugin installation, including claude plugin install figma@claude-plugins-official.
  • [PROMPT_INJECTION]: Identifies an indirect prompt injection surface associated with processing external design metadata from Figma and Pencil.
  • Ingestion points: Accesses design specifications and file hierarchies through get_design_context and batch_get.
  • Boundary markers: No specific delimiters or safety warnings for ignoring embedded instructions in external JSON data are implemented.
  • Capability inventory: The skill utilizes file system modification (Write, Edit) and shell execution (Bash) capabilities.
  • Sanitization: No explicit sanitization or validation of design system tokens or metadata is described.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 6, 2026, 03:34 PM