moai-meta-harness
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill acts as a template-based generator for project-specific configurations and follows a documented engineering workflow.
- [EXTERNAL_DOWNLOADS]: Neutrally references the 'revfactory/harness' repository on GitHub for architectural patterns and attribution.
- [PROMPT_INJECTION]: The skill analyzes repository content to generate code, which is a potential surface for indirect prompt injection. It includes a security validation phase performed by internal agents to mitigate risks associated with untrusted data ingestion. Ingestion points: reads 'answers.yaml' and repository dependency files (e.g., package.json, go.mod, requirements.txt) in SKILL.md. Boundary markers: absent in the instruction set. Capability inventory: utilizes Read, Write, Edit, and Bash tools across generated artifacts. Sanitization: delegated to expert-security and evaluator-active agents as part of the Phase 6 evaluation process.
Audit Metadata