moonshine-field
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8). Evidence: 1. Ingestion points: User input is accepted via the $ARGUMENTS variable in SKILL.md. 2. Boundary markers: Absent; there are no delimiters or 'ignore embedded instructions' warnings surrounding the user input. 3. Capability inventory: The agent has access to 'Bash', 'Write', 'Edit', and 'Read' tools, which can be leveraged to execute system commands or modify application code. 4. Sanitization: Absent; the instructions do not require the agent to validate or sanitize user input before code generation or command execution.
- COMMAND_EXECUTION (LOW): The skill enables the 'Bash' tool for the agent. While often used for developer tasks (e.g., Artisan or Composer), the instructions provide no safety constraints or guidance on its use, which could allow arbitrary command execution if the agent is manipulated via the $ARGUMENTS input.
Audit Metadata