moai-workflow-ddd
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill instructions define a legitimate software engineering workflow for refactoring and domain-driven development using a cycle of analysis, preservation, and improvement.
- [PROMPT_INJECTION]: The skill instructions do not contain attempts to override agent behavior, bypass safety filters, or extract system prompts.
- [DATA_EXFILTRATION]: No instructions were found that access sensitive local files (such as credentials or SSH keys) or attempt to exfiltrate data to external domains.
- [REMOTE_CODE_EXECUTION]: The skill does not download or execute remote scripts from untrusted sources. Its shell capabilities are restricted to standard development tools (git, pytest, npm, etc.) within its configuration.
- [SAFE]: The skill's primary function involves analyzing existing codebases. While this presents an indirect prompt injection surface (Category 8) by ingesting untrusted external data, the workflow mandates the creation of characterization tests and snapshot verification before any changes are made, providing a strong operational safeguard.
Audit Metadata