moai-integration-mcp

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE

PROMPT_INJECTION
Full Analysis
  • Prompt Injection (LOW): The skill is vulnerable to indirect prompt injection as it ingests untrusted data from external APIs and interpolates it directly into LLM prompts without sanitization.
      • Ingestion points: Data enters through extract_figma_components (Figma) and query_notion_database (Notion) in modules/integration-patterns.md.
      • Boundary markers: Absent; the prompt templates use direct f-string interpolation with no delimiters or security instructions.
      • Capability inventory: The orchestration logic can call arbitrary tools including AI content generation and analysis.
      • Sanitization: There is no evidence of sanitization, escaping, or validation of the retrieved external content before prompt construction.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:41 PM