moai-workflow-worktree
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses Python's
subprocessmodule to execute Git and CLI commands for managing worktree states and registry metadata as seen inreferences/examples.md. - [REMOTE_CODE_EXECUTION]: The template system described in
modules/moai-adk-integration.mdsupportssetup_commands, which executes user-defined shell commands during the initialization of new worktree environments. - [PROMPT_INJECTION]: There is an indirect prompt injection surface (Category 8) where SPEC identifiers and descriptions are interpolated into shell command strings. Ingestion points: SPEC IDs and descriptions in
SKILL.mdandmodules/worktree-commands.md. Boundary markers: Absent. Capability inventory:subprocess.run(Python) and shelleval(CLI). Sanitization: Absent; metadata is interpolated directly without documented shell escaping. - [EXTERNAL_DOWNLOADS]: Fetches and installs the
moaitool from the vendor's GitHub repository (github.com/modu-ai/moai-adk) for CI/CD and setup purposes as documented inreferences/reference.md.
Audit Metadata