Skills
skills/modu-ai/moai-rank/moai-lang-cpp/Gen Agent Trust Hub

moai-lang-cpp

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill is authorized to use the Bash tool, which provides a significant attack surface for arbitrary code execution on the host system.
  • [PROMPT_INJECTION] (HIGH): The skill is susceptible to Indirect Prompt Injection. Ingestion points: Reads C++ source files and CMake configurations via Read and Grep. Boundary markers: None. The agent is not instructed to ignore comments or instructions within data. Capability inventory: Access to the Bash tool. Sanitization: None. A malicious codebase could contain instructions in comments designed to exploit the agent's Bash capability.
  • [REMOTE_CODE_EXECUTION] (HIGH): The documentation recommends cloning and executing a bootstrap script from a remote repository (vcpkg). While the source is trusted, this pattern of fetching and running remote scripts is a known RCE vector.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill uses FetchContent and references standard library providers like GitHub and Conan. These are downgraded to LOW per the [TRUST-SCOPE-RULE] for trusted sources.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 10:30 AM