moai-harness-learner
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the
moaiCLI tool to perform operations such as checking subsystem status, fetching update proposals, and managing system snapshots. These operations are scoped to the project root and specific proposal identifiers. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it processes data from external proposal files and displays it to the user.
- Ingestion points: Proposal data is read from JSON files located in
.moai/harness/proposals/via the CLI or direct file access. - Boundary markers: No explicit delimiters or boundary markers are used when interpolating proposal content (e.g.,
new_value) into theAskUserQuestionprompt. - Capability inventory: The skill has access to
Bashfor shell execution andWrite/Editfor modifying skill files. - Sanitization: No specific sanitization or validation of the proposal content is mentioned in the instructions; however, the skill's architecture explicitly relies on the 'L5 Human Oversight' layer, requiring a user to review and approve the content before any action is taken.
Audit Metadata