moai-platform-deployment
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (LOW): The skill instructs the user/agent to install and use external CLI tools and GitHub Actions that are not within the explicitly trusted organization list.
- Evidence: Mentions `@railway/cli`, `npx convex deploy`, and the `amondnet/vercel-action@v25` GitHub Action in `SKILL.md`.
- Context: While these are standard tools for the respective platforms, they originate from non-whitelisted sources (`railway`, `convex`, `amondnet`). Vercel-related packages are considered INFO as Vercel is a trusted organization.
- [Indirect Prompt Injection] (INFO): The skill utilizes an MCP tool to fetch external documentation at runtime, creating a vulnerability surface for untrusted data ingestion.
- Ingestion points: `mcp__context7__get_library_docs` call in `reference/vercel.md`.
- Boundary markers: Absent in the documentation retrieval sequence.
- Capability inventory: Display and information retrieval only; no system modification or file-write capabilities are associated with the retrieved content in this context.
- Sanitization: None specified for the external documentation content.
- Severity: INFO (Display-only capability tier).
Audit Metadata