moai-foundation-quality

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests third‑party content — e.g., modules/best-practices.md and modules/proactive-analysis.md call Context7Client.get_library_docs to retrieve live docs and modules/integration-patterns.md’s Quality-as-Service API clones arbitrary repository_url into a temp dir for analyze_codebase — and that untrusted, user/public repository/documentation content is parsed and used to drive validations, recommendations, auto-fixes, and refactor actions, so it can materially influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill's BestPracticesEngine and ProactiveQualityScanner call Context7Client.get_library_docs at runtime to fetch library docs (e.g., "/facebook/react") and then use that fetched documentation to drive validation logic and recommendations, meaning external Context7 content fetched during runtime can directly control the agent's behavior.