moai-foundation-core
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION] (SAFE): The skill implements the EARS (Easy Approach to Requirements Syntax) format for defining system requirements.
- Evidence: The structured patterns (Ubiquitous, Event-driven and State-driven requirements) reduce ambiguity in the instructions given to the agent, which lowers the risk of a requirement being misread as an unintended instruction during the development lifecycle. A requirements syntax constrains how trusted instructions are written; it is not by itself a control against injection from untrusted content.
- [DATA_EXFILTRATION] (SAFE): Documentation provides clear guidance on preventing data exposure.
- Evidence: Code snippets demonstrate secure practices such as reading configuration and secrets from environment variables rather than hardcoding them, and hashing passwords with bcrypt.
- Evidence: Explicitly recommends secret-scanning tools such as detect-secrets to catch credentials before they are committed.
- [COMMAND_EXECUTION] (SAFE): The skill uses a 'Task' delegation pattern for agent orchestration.
- Evidence: The functions it defines for orchestrating sub-agents follow a standard multi-agent architecture pattern and do not expose arbitrary shell or system command execution.
- [EXTERNAL_DOWNLOADS] (SAFE): The CI/CD validation examples reference standard, widely used security and testing tools.
- Evidence: The references to Bandit (static security analysis), Pylint (linting), MyPy (type checking) and pip-audit (dependency vulnerability auditing) are informational and intended for local or pipeline-based verification.
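To make the DATA_EXFILTRATION evidence concrete, the following is an added example written for this page; it is not code from moai-foundation-core and not the detect-secrets implementation. It shows the two checks a secret scanner such as detect-secrets combines (credential-keyword assignments and high-entropy string literals, plus a fixed-shape pattern for AWS access key IDs) run over a constructed sample of source lines, and why reading values through os.environ / os.getenv is the pattern that keeps such a scanner quiet. The ENTROPY_THRESHOLD value, the regular expressions and the sample source are assumptions chosen for this example; the AKIA... string is a constructed value in the AWS access key ID shape, not a real credential.

```python
"""Minimal hardcoded-secret scanner in the spirit of detect-secrets.

Added example for this page; not code from moai-foundation-core and not
the detect-secrets implementation. Thresholds, patterns and the sample
source below are assumptions chosen for illustration.
"""
from __future__ import annotations

import math
import re
from dataclasses import dataclass

# Check 1: a string literal assigned to a credential-looking name,
# e.g.  DB_PASSWORD = "hunter2"  or  api_key: 'abc'.
KEYWORD_RE = re.compile(
    r"""(?i)(password|passwd|pwd|secret|api[_-]?key|token|auth)\w*\s*[:=]\s*['"]([^'"]+)['"]"""
)
# Check 2: a credential with a fixed, recognisable shape (AWS access key ID).
AWS_KEY_RE = re.compile(r"\bAKIA[0-9A-Z]{16}\b")
# Check 3: any long quoted literal made of base64/hex-like characters,
# judged by Shannon entropy rather than by the variable name it is bound to.
STRING_RE = re.compile(r"""['"]([A-Za-z0-9+/=_\-]{20,})['"]""")
# Lines that read the value from the environment are the recommended
# pattern and are skipped entirely.
ENV_RE = re.compile(r"os\.environ|os\.getenv|getenv\(")

ENTROPY_THRESHOLD = 3.5  # bits per character; assumed cut-off for this example


@dataclass
class Finding:
    line_no: int
    kind: str
    snippet: str


def shannon_entropy(s: str) -> float:
    """Shannon entropy of s in bits per character (0.0 for empty input)."""
    if not s:
        return 0.0
    counts: dict[str, int] = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_source(text: str) -> list[Finding]:
    """Return one Finding per line that looks like a hardcoded secret."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if ENV_RE.search(line):
            continue  # value comes from the environment, not from the repo
        if AWS_KEY_RE.search(line):
            findings.append(Finding(line_no, "aws_access_key", line.strip()))
            continue
        if KEYWORD_RE.search(line):
            findings.append(Finding(line_no, "keyword", line.strip()))
            continue
        for m in STRING_RE.finditer(line):
            if shannon_entropy(m.group(1)) >= ENTROPY_THRESHOLD:
                findings.append(Finding(line_no, "high_entropy", line.strip()))
                break
    return findings


# Constructed sample: lines 2-4 are the weak pattern (secrets in source),
# lines 5-6 are the hardened pattern (secrets read from the environment),
# and lines 7-8 are long but harmless literals that must not be flagged.
SAMPLE_SOURCE = """\
import os
DB_PASSWORD = "hunter2"
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
SIGNING_KEY = "c3VwZXJzZWNyZXRrZXl2YWx1ZTEyMzQ1Njc4OTA="
DB_PASSWORD = os.environ["DB_PASSWORD"]
API_KEY = os.getenv("API_KEY", "")
LOG_PREFIX = "aaaaaaaaaaaaaaaaaaaaaaaaaaaa"
GREETING = "hello, this is an ordinary message"
"""


if __name__ == "__main__":
    for f in scan_source(SAMPLE_SOURCE):
        print(f"line {f.line_no}: {f.kind}: {f.snippet}")
```

Run on the sample, the scanner reports lines 2, 3 and 4 and nothing else: the keyword check catches the obvious assignment, the shape check catches the AWS key regardless of what it is named, and the entropy check catches the base64 signing key whose variable name matches no keyword. The repeated-character literal on line 7 has zero entropy and the prose on line 8 contains no long token, so neither is flagged. Each check alone has a blind spot (keywords miss renamed values, entropy alone flags hashes and base64 test fixtures), which is why real tools combine them and maintain an allowlist or baseline of reviewed findings.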
Audit Metadata