Skills
skills/modu-ai/moai-adk/moai-platform-firebase-auth/Gen Agent Trust Hub

moai-platform-firebase-auth

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill possesses a significant attack surface by combining external data ingestion with high-privilege tool access.
  • Ingestion points: The tool mcp__context7__get-library-docs is used to fetch external documentation at runtime.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the documentation handling logic.
  • Capability inventory: The skill has the ability to write files and execute broad bash commands via npm and npx.
  • Sanitization: No sanitization or validation of the content fetched from the external library is specified.
  • [Command Execution] (MEDIUM): The allowed-tools configuration includes Bash(npm:*) and Bash(npx:*). While relevant to the skill's domain, these permissions are broad and allow for the installation and execution of arbitrary code if the agent is influenced by malicious input.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 15, 2026, 11:13 PM