Skills
skills/modu-ai/moai-adk/moai-workflow-jit-docs/Gen Agent Trust Hub

moai-workflow-jit-docs

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill implements an automated system for discovering and loading documentation from external and local sources, creating an indirect prompt injection surface.
  • Ingestion points: Data enters the agent's context through WebFetch (external framework docs), WebSearch (community resources and tutorials), and Read (local project documentation in directories like .moai/docs/ and docs/).
  • Boundary markers: The skill instructions lack explicit boundary markers or directives to treat external documentation as untrusted data, which may allow embedded malicious instructions to override agent behavior.
  • Capability inventory: The agent is authorized to use Read, Grep, and Glob for file system access, and WebFetch and WebSearch for network operations. This provides the necessary tools for an attacker to execute complex payloads if injection is successful.
  • Sanitization: No sanitization, validation, or filtering of the fetched documentation content is specified in the skill's logic.
  • [DATA_EXFILTRATION]: The skill configuration allows for both reading local project files and making outbound network requests to arbitrary domains. While the intended use is for documentation retrieval, this combination of capabilities represents a potential exfiltration path for sensitive project data if the agent's logic is subverted via malicious input from external sources.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 31, 2026, 08:36 PM