moq
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill creates a high-severity Indirect Prompt Injection surface by instructing the agent to fetch external data (Moq documentation) and process it using high-privilege capabilities.
  - Ingestion points: Documentation content retrieved via 'mcp__context7__query-docs' for library '/devlooped/moq'.
  - Boundary markers: None. The instructions do not define delimiters or safety warnings for the agent when interpreting external documentation.
  - Capability inventory: 'Bash', 'Write', 'Edit', 'Read', 'Glob', 'Grep'. These tools allow for file system modification and arbitrary command execution.
  - Sanitization: None. The agent is not instructed to validate or sanitize the fetched documentation before use.
- [COMMAND_EXECUTION] (LOW): The skill explicitly allows the 'Bash' tool. While common for development environments, this capability serves as an execution vector for malicious instructions that might be ingested through external sources.
Recommendations
- AI detected serious security threats