moai-workflow-testing
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [Command Execution] (LOW): The script
scripts/with_server.pyfacilitates running local server commands for testing purposes. It follows security best practices by usingshell=Falseand a custom validator that explicitly blocks shell operators like '&&', '||', and '|' to prevent command injection (CWE-78). - [Indirect Prompt Injection] (LOW): The skill dynamically ingests patterns and best practices from an external 'Context7 MCP' service. This creates a surface where poisoned external documentation could theoretically influence the agent's code analysis results.
- Ingestion points:
context7_client.get_library_docscalls throughoutmodules/performance-optimization/ai-optimization.md,modules/automated-code-review/context7-integration.md, andmodules/automated-code-review/trust5-framework.md. - Boundary markers: None identified; the skill assumes the retrieved patterns are trusted.
- Capability inventory: Access to
subprocess.Popenandsubprocess.runviascripts/with_server.py. - Sanitization: No specific filtering of the content returned by the Context7 client is implemented.
- [Dynamic Execution] (SAFE): The skill uses Python's
astmodule to parse and analyze source code for quality metrics and bug detection. This is performed for static analysis purposes and does not execute the code being analyzed.
Audit Metadata