moai-foundation-quality
Warn
Audited by Snyk on May 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). This skill clearly fetches and ingests external, potentially untrusted content—e.g., BestPracticesEngine and ProactiveQualityScanner call Context7Client.get_library_docs to retrieve live Context7 documentation, and the Quality-as-Service REST API (integration-patterns.md) clones arbitrary repository_url—then the agent reads and uses that content to validate code, generate recommendations, and perform automated fixes, so third-party content can materially influence actions.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata