moai-workflow-jit-docs
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
- [PROMPT_INJECTION] (LOW): Potential for Indirect Prompt Injection as the skill is designed to ingest untrusted data from the web. Evidence:
  - (1) Ingestion points: WebFetch and WebSearch tools are used to retrieve external documentation.
  - (2) Boundary markers: No delimiters or instructions are provided to prevent the agent from following instructions embedded in retrieved text.
  - (3) Capability inventory: The skill has Read, Grep, and Glob tools for file access.
  - (4) Sanitization: No sanitization is mentioned.
- [DATA_EXFILTRATION] (LOW): The skill combines local file access (Read, Grep, Glob) with network capabilities (WebFetch, WebSearch). This creates a theoretical surface for data exfiltration if the agent is manipulated via an indirect prompt injection attack.