moai-lang-java
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOW
PROMPT_INJECTION
Full Analysis
- Prompt Injection (SAFE): No instructions attempting to bypass agent constraints or override safety guidelines were found.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials or sensitive file access patterns were detected. Configuration examples use standard placeholders.
- Obfuscation (SAFE): The content is clear and readable with no hidden characters, encoding, or homoglyph attacks.
- Unverifiable Dependencies & Remote Code Execution (SAFE): Dependencies and build tools mentioned (Spring Boot, Maven, Gradle) are industry standard. No remote script piping or unsafe downloads were identified.
- Indirect Prompt Injection (LOW): The skill possesses an inherent attack surface by processing untrusted user data.
  1. Ingestion points: Triggers on and processes content from .java, pom.xml, and build.gradle files.
  2. Boundary markers: No explicit delimiters are defined to separate user data from instructions.
  3. Capability inventory: Limited to reasoning and generating code patterns; no system-level write or network capabilities are exposed by the skill scripts.
  4. Sanitization: No explicit sanitization or filtering of ingested code content is performed.