moai-docs-generation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill demonstrates a vulnerability to indirect prompt injection by interpolating untrusted data directly into LLM prompts.
- Ingestion points: Source code content read in
modules/code-documentation.mdand feature descriptions provided tomodules/user-guides.md. - Boundary markers: Absent. The code uses simple f-string interpolation without delimiters (like triple quotes or XML tags) or instructions for the AI to ignore embedded commands.
- Capability inventory: The skill possesses file system write capabilities (
Path.write_textandmkdir) inmodules/code-documentation.mdto save generated documentation. - Sanitization: Absent. No sanitization, escaping, or validation is performed on the ingested content before it is processed by the AI client.
Audit Metadata