moai-platform-chrome-extension
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection by ingesting untrusted external content alongside powerful shell capabilities.
- Ingestion points: The skill reads local project files (manifest.json, service workers) and fetches data from external sources via WebFetch, WebSearch, and the mcp__context7__get-library-docs tool.
- Boundary markers: There are no explicit instructions or delimiters in the skill body to separate instructions from the data fetched from external URLs or documents.
- Capability inventory: The skill is granted shell access through Bash(npm:), Bash(npx:), and Bash(node:*), allowing it to execute code or install packages based on instructions that could be influenced by external data.
- Sanitization: No sanitization, validation, or filtering mechanisms for external data are described in the instructions.
Audit Metadata