Skills
skills/mizchi/skills/moonbit-js-binding/Gen Agent Trust Hub

moonbit-js-binding

Pass

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides extensive guidance on using MoonBit's extern "js" and inline JavaScript literals (#|) to execute JavaScript code directly. This includes accessing browser globals like window and document, as well as Node.js built-ins.
  • [DATA_EXFILTRATION]: Documentation includes examples of using the JavaScript fetch API via FFI declarations to perform network requests. While presented as a developer tutorial, this represents a potential path for data exfiltration if used by an agent to send sensitive data to an external server.
  • [REMOTE_CODE_EXECUTION]: The references/error-handling.md file contains a test example that demonstrates calling JavaScript's eval function via the call_method FFI primitive to trigger and catch exceptions.
  • [PROMPT_INJECTION]: The skill establishes a functional bridge for processing external data (e.g., via json_parse and generic JsValue wrappers). This creates an attack surface for indirect prompt injection (Category 8) where untrusted data could influence agent behavior through the execution of generated FFI logic.
  • Ingestion points: json_parse in ffi.mbt processes external strings into JS objects.
  • Boundary markers: Absent in the provided examples.
  • Capability inventory: Subprocess-like execution via extern "js", network access via fetch, and dynamic execution via eval wrappers are present across several files (e.g., ffi.mbt, references/error-handling.md).
  • Sanitization: No sanitization or validation of external content is demonstrated in the examples.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 27, 2026, 03:45 AM
Security Audit — agent-trust-hub — moonbit-js-binding