moai-harness-learner

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the moai CLI tool to perform operations such as checking subsystem status, fetching update proposals, and managing system snapshots. These operations are scoped to the project root and specific proposal identifiers.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it processes data from external proposal files and displays it to the user.
  • Ingestion points: Proposal data is read from JSON files located in .moai/harness/proposals/ via the CLI or direct file access.
  • Boundary markers: No explicit delimiters or boundary markers are used when interpolating proposal content (e.g., new_value) into the AskUserQuestion prompt.
  • Capability inventory: The skill has access to Bash for shell execution and Write/Edit for modifying skill files.
  • Sanitization: No specific sanitization or validation of the proposal content is mentioned in the instructions; however, the skill's architecture explicitly relies on the 'L5 Human Oversight' layer, requiring a user to review and approve the content before any action is taken.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 10:57 AM
Security Audit — agent-trust-hub — moai-harness-learner