moai-workflow-gan-loop
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates a workflow that ingests content from a BRIEF document and a design.yaml configuration file. This ingestion of untrusted data creates a surface for indirect prompt injection where malicious instructions in project files could attempt to influence the agent's behavior. The implementation mitigates this through defined iteration limits and escalation to the user.
- Ingestion points: Ingests project-specific data from .moai/config/sections/design.yaml and the BRIEF document.
- Boundary markers: Absent; there are no specific instructions to use delimiters or ignore instructions within the ingested data.
- Capability inventory: Includes capabilities to read, write, and edit files, and execute shell commands (Bash) for running automated testing tools like Playwright.
- Sanitization: No explicit validation or sanitization steps are described for the content of the ingested project files.
Audit Metadata