moai-workflow-loop
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads the
moai-adktool from the vendor's GitHub repository (github.com/modu-ai/moai-adk) to initialize the workflow. - [EXTERNAL_DOWNLOADS]: It references several industry-standard language servers (e.g.,
pyright,gopls,rust-analyzer) and provides instructions for their installation from well-known sources. - [COMMAND_EXECUTION]: The workflow relies on shell commands to run diagnostics, execute tests, and generate coverage reports across multiple programming languages.
- [PROMPT_INJECTION]: The skill processes data from external tools which could potentially be manipulated to influence the agent's behavior.
- Ingestion points: LSP diagnostic messages and AST-grep scan results as described in SKILL.md.
- Boundary markers: None identified to separate tool output from instructions.
- Capability inventory: The skill uses Read, Write, Edit, and Bash tools to perform operations based on diagnostics.
- Sanitization: No specialized sanitization is applied to the content received from external development tools.
Audit Metadata