moai-foundation-context
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes conversation history and session artifacts to perform context optimization and state persistence, creating a vulnerability surface for indirect prompt injection.
  - Ingestion points: The `SessionManager` and `ProgressiveSummarizer` components in `references/examples.md` process data from session files and message history.
  - Boundary markers: Documentation mentions 'Context Tagging' (e.g., @CONFIG-001) for referencing data, but the provided code does not implement strict delimiters to segregate untrusted content from system instructions.
  - Capability inventory: The skill possesses file-write capabilities for session persistence (via the `.moai/sessions` directory) and manages agent handoff protocols.
  - Sanitization: While the code uses standard JSON parsing for state storage, it lacks explicit sanitization logic to prevent the LLM from executing instructions found within reloaded or summarized context data.
Audit Metadata