moai-formats-data

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Tags: REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [Dynamic Execution] (MEDIUM): The skill identifies pickle and PyYAML (C-based loaders) as core technology stack components for serialization and configuration management. The pickle module is inherently insecure and can lead to arbitrary code execution if used to deserialize untrusted data. Similarly, standard YAML loaders can be exploited for code execution if not used with SafeLoader or equivalent protections.
  • [Indirect Prompt Injection] (LOW): The skill's primary function is to ingest and optimize external data for LLM consumption, creating an attack surface for indirect prompt injection.
      • Ingestion points: modules/toon-encoding.md (decoding logic) and various data validation entry points.
      • Boundary markers: No explicit safety delimiters or instruction-ignore warnings are implemented in the TOON encoding logic.
      • Capability inventory: The agent is granted Write and Edit tool permissions, which could be misused if instructions are successfully injected via processed data.
      • Sanitization: Although structural validation via jsonschema and pydantic is featured, it does not prevent semantic instruction injection within valid data fields.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:24 PM