moai-foundation-quality

Warn

Audited by Snyk on May 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). This skill clearly fetches and ingests external, potentially untrusted content—e.g., BestPracticesEngine and ProactiveQualityScanner call Context7Client.get_library_docs to retrieve live Context7 documentation, and the Quality-as-Service REST API (integration-patterns.md) clones arbitrary repository_url—then the agent reads and uses that content to validate code, generate recommendations, and perform automated fixes, so third-party content can materially influence actions.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
May 16, 2026, 10:57 AM
Issues
1
Security Audit — snyk — moai-foundation-quality