Skills
skills/rdmptv/adbautoplayer/moai-toolkit-codegen/Gen Agent Trust Hub

moai-toolkit-codegen

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [Prompt Injection] (SAFE): No instructions designed to bypass agent constraints or safety filters were identified.
  • [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, sensitive file access (like SSH keys), or suspicious network requests were found. The skill focuses on local file scaffolding.
  • [Indirect Prompt Injection] (LOW): The scaffold_test.py script is designed to ingest external source code to generate tests. This presents an attack surface where malicious instructions embedded in source code comments could influence the agent's output.
  • Ingestion points: scaffold_test.py via the --source parameter.
  • Boundary markers: None specified in the documentation or usage examples.
  • Capability inventory: File generation and command execution via uv run.
  • Sanitization: No mention of sanitization for input source files.
  • [Command Execution] (SAFE): The skill provides usage examples for uv run to execute Python scripts. This behavior is consistent with the stated purpose of a developer scaffolding toolkit.
  • [Metadata Poisoning] (SAFE): The skill metadata correctly identifies its version, purpose, and the migration of its scripts to a unified builder skill.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:33 PM