moai-workflow-loop

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION

Full Analysis
  • [PROMPT_INJECTION] (LOW): Potential surface for indirect prompt injection via external diagnostic data ingestion.
  • Ingestion points: The skill ingests data from LSP diagnostics, AST-grep security scans, and test runner outputs across multiple files (SKILL.md, .moai/cache/.moai_loop_state.json).
  • Boundary markers: Absent. There are no instructions provided to the agent to treat diagnostic messages as untrusted data or to use specific delimiters when processing them.
  • Capability inventory: The skill utilizes Bash, Write, and Edit tools, granting it the ability to modify the filesystem and execute arbitrary shell commands.
  • Sanitization: No sanitization or validation of the content returned by LSP servers or AST-grep is defined, which could allow malicious code comments to influence agent behavior.
  • [COMMAND_EXECUTION] (SAFE): The skill requires Bash and Edit tools to perform its stated purpose of code quality improvement.
  • Evidence: Usage is restricted to internal hooks (post_tool__lsp_diagnostic, stop__loop_controller) for diagnostic collection and loop state management as described in the Implementation Guide.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 05:41 PM