skills/modu-ai/moai-adk/moai-lang-r/Gen Agent Trust Hub

moai-lang-r

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill explicitly allows the agent to use Bash(R:*) and Bash(Rscript:*). This enables the execution of arbitrary R code on the underlying system.
  • [PROMPT_INJECTION] (HIGH): The skill has a high Indirect Prompt Injection (IPI) risk profile because it is designed to process external content and also holds high-privilege execution tools.
      • Ingestion points: The agent is triggered by and reads content from .R, .Rmd, .qmd, DESCRIPTION, and renv.lock files, which may contain attacker-controlled data.
      • Boundary markers: There are no instructions to use delimiters or to ignore instructions embedded in the analyzed code or data files.
      • Capability inventory: The skill possesses file system access (Read, Grep, Glob) and command execution capabilities (Bash).
      • Sanitization: No sanitization or validation of the input files is performed before they are processed by the agent's logic or passed to tools.
  • [REMOTE_CODE_EXECUTION] (LOW): The skill instructions include renv::install and renv::restore. While these perform network operations to download and install R packages, renv is a standard industry tool, and this behavior is expected for its stated purpose.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 15, 2026, 10:05 PM