moai-workflow-design-context
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements a data ingestion workflow that reads local files and interpolates their content into the agent's context, creating a potential surface for indirect prompt injection.
  - Ingestion points: Reads design-related markdown files from `.moai/design/` and configuration from `.moai/config/sections/design.yaml` using the `Read` tool.
  - Boundary markers: Utilizes a specific header `## Design Context (from .moai/design/)` and source citations `> source: .moai/design/<filename>` to delimit injected content, helping the agent distinguish between instructions and data.
  - Capability inventory: The skill is restricted to `Read`, `Grep`, and `Glob` tools; it possesses no network access or file-writing capabilities, which significantly limits the potential for exploitation.
  - Sanitization: The skill does not perform content sanitization or instruction-filtering on the loaded file content beyond identifying scaffolded `_TBD_` markers.
Audit Metadata