project
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE]: The skill manages several API keys required for its plugin ecosystem, including GEMINI_API_KEY, FAL_KEY, and ELEVENLABS_API_KEY. These are stored in a project-isolated environment file (
./.moai/credentials.env) rather than being hardcoded or stored in a shared global profile, following security best practices for credential isolation. - [COMMAND_EXECUTION]: The skill employs local Python and Bash commands to perform 'Layer 1' validation of generated files (DOCX, HWPX, PPTX, XLSX). For example, it uses
unzip -tto check file integrity and library-specific Python code (usingopenpyxl,python-docx, etc.) to verify that headers, tables, and styles were applied correctly. This execution is limited to local file validation and does not involve untrusted network input. - [INDIRECT_PROMPT_INJECTION]: As a template generator, the skill ingests user input from 'Socratic interviews' and interpolates it into a
CLAUDE.mdfile. While this presents a surface for indirect injection if a user provided malicious instructions, the risk is mitigated by the skill's structured template approach and the 'AI slop' review phase which filters for unnatural or repetitive AI patterns. - [DYNAMIC_EXECUTION]: The skill provides the agent with predefined Python script templates in
execution-protocol.mdto automate the verification of document structures. This dynamic generation of validation code is internal to the agent's quality assurance process and targets local paths, minimizing external attack vectors.
Audit Metadata