moai-workflow-worktree
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill's documentation (references/reference.md) recommends installing a management tool using 'go install github.com/modu-ai/moai-adk/cmd/moai@latest'. Since the 'modu-ai' organization is not in the trusted sources list, this constitutes an unverifiable external dependency.
- COMMAND_EXECUTION (MEDIUM): The worktree template system includes a 'setup_commands' feature (modules/moai-adk-integration.md) that executes a list of shell commands after worktree creation. This presents a risk of arbitrary code execution if templates are sourced from untrusted or shared registries.
- COMMAND_EXECUTION (LOW): The skill documentation (modules/worktree-commands.md) promotes shell integration using 'eval $(moai-worktree go ...)', which is a potential command injection vector if the tool's output or the SPEC IDs are manipulated.
- PROMPT_INJECTION (LOW): The skill possesses a vulnerability surface for indirect prompt injection through external SPEC data.
  * Ingestion points: SPEC IDs and titles entering the system via the /moai:1-plan phase (modules/moai-adk-integration.md).
  * Boundary markers: Absent; while titles are transformed to kebab-case for branches, there are no explicit delimiters or warnings to ignore instructions embedded in titles.
  * Capability inventory: The skill has the capability to execute shell commands (setup_commands), manage files, and perform network sync operations.
  * Sanitization: Only basic kebab-case formatting for branches is documented; there is no mention of sanitizing SPEC content to prevent filesystem or shell character escapes.