moai-workflow-loop
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill implements a feedback loop that ingests diagnostic messages from external language servers and static analysis tools. Ingestion points: post_tool__lsp_diagnostic and stop__loop_controller hooks. Boundary markers: No explicit markers or 'ignore instructions' warnings are described. Capability inventory: Read, Write, Edit, Bash, Grep, Glob tools. Sanitization: No mention of content validation or escaping before interpolation into the agent's context. This creates a surface for indirect prompt injection if external tool output is manipulated.
- [EXTERNAL_DOWNLOADS]: The documentation identifies several external dependencies, including the moai-adk tool from the author's GitHub repository and various language servers such as pyright and gopls. These are standard development tools and vendor-provided resources necessary for the skill's advertised functionality.
Audit Metadata