moai-workflow-spec
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through its natural language requirement processing.
  * Ingestion points: SKILL.md Stage 1 (User Input Analysis) parses natural language feature descriptions into the agent context.
  * Boundary markers: The instructions do not specify the use of delimiters or protective framing (e.g., XML tags or clear separators) to isolate user-provided text from the system instructions.
  * Capability inventory: The skill facilitates file system modifications (Write, Edit) and version control actions (Bash git, mkdir), which could be misused if the agent is manipulated by injected instructions in the requirements.
  * Sanitization: There are no instructions for validating, filtering, or sanitizing user-provided input before it is incorporated into the generated specification documents or implementation plans.
Audit Metadata