moai-workflow-loop
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill ingests untrusted data from the codebase being analyzed via LSP diagnostics and AST-grep scan results. This content could potentially contain malicious instructions designed to manipulate the agent's feedback loop. Evidence Chain: 1. Ingestion points: LSP diagnostic output and AST-grep findings. 2. Boundary markers: None mentioned in the skill documentation. 3. Capability inventory: Bash, Write, Edit, Read. 4. Sanitization: No sanitization of diagnostic messages is documented.
- Command Execution (LOW): The skill requires the Bash tool to execute LSP clients, manage the Ralph Engine loop, and run code diagnostics. While this is a high-privilege capability, it is necessary for the skill's intended purpose.
- Persistence Mechanisms (LOW): The skill documentation describes creating and utilizing hooks within the .claude/hooks/ directory. These hooks allow the skill to maintain its logic and loop state across multiple agent turns, effectively modifying the agent's long-term behavior within the project environment.
Audit Metadata