The Agent Skills Directory

[Indirect Prompt Injection] (LOW): Evidence Chain: 1. Ingestion points: Reads .js, .mjs, .cjs, and package.json files. 2. Boundary markers: Absent. 3. Capability inventory: Provides execution capabilities for node, npm, yarn, pnpm, bun, deno, jest, and vitest via Bash tool. 4. Sanitization: Absent.
[Remote Code Execution] (SAFE): Mentions package installation (npm, yarn) but does not contain patterns for piped remote execution (e.g., curl|bash).
[Privilege Escalation] (SAFE): No usage of sudo or unauthorized system permission modifications.

moai-lang-javascript