moai-meta-harness

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill operates as a 'meta-factory', synthesizing new agent instructions and skill files from untrusted inputs like repository content and a user-provided answers.yaml. This architectural pattern is susceptible to indirect prompt injection if the source data contains malicious instructions.
  • Ingestion points: Processes repository file structures and the contents of .moai/harness/answers.yaml (SKILL.md).
  • Boundary markers: Employs the 'Sprint Contract' protocol to validate generated artifacts after creation (SKILL.md).
  • Capability inventory: Utilizes standard system tools including Write, Edit, and Bash to generate and configure project artifacts.
  • Sanitization: Includes a dedicated 'Phase 6' evaluation that uses an 'expert-security' agent to audit permissions and scan for credential leaks in the newly created files.
  • [COMMAND_EXECUTION]: The skill utilizes file manipulation and shell-based tools to generate configuration and skill files within the project's local environment. These operations are restricted to the .moai and .claude directories and are consistent with the skill's primary purpose of project initialization and agent team architecture.
Audit Metadata
Risk Level
SAFE
Analyzed
May 14, 2026, 03:31 PM