moai-foundation-core
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill defines a workflow that ingests untrusted user input (feature descriptions) via the /moai:1-plan command in modules/spec-first-ddd.md to generate specifications. Ingestion point: User feature descriptions in /moai:1-plan; Boundary markers: Framework mandates structured EARS format requirements; Capability inventory: Includes Agent() delegation and restricted tool calls; Sanitization: Explicitly required for user inputs per execution-rules.md. (Category 8)
- [COMMAND_EXECUTION]: The skill implements a 'Security Sandbox' in modules/execution-rules.md that explicitly forbids the execution of destructive system commands such as sudo, rm -rf, and chmod 777.
- [DATA_EXFILTRATION]: The framework enforces security scanning through the TRUST 5 'Secured' pillar, integrating tools like detect-secrets and bandit to prevent the exposure of hardcoded credentials and vulnerabilities.
- [SAFE]: Access to sensitive files and directories, including .env files, AWS credentials, and SSH keys, is strictly denied within the project's security policy.
Audit Metadata