moai-workflow-loop

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads the moai-adk tool from the vendor's GitHub repository (github.com/modu-ai/moai-adk) to initialize the workflow.
  • [EXTERNAL_DOWNLOADS]: It references several industry-standard language servers (e.g., pyright, gopls, rust-analyzer) and provides instructions for their installation from well-known sources.
  • [COMMAND_EXECUTION]: The workflow relies on shell commands to run diagnostics, execute tests, and generate coverage reports across multiple programming languages.
  • [PROMPT_INJECTION]: The skill processes data from external tools which could potentially be manipulated to influence the agent's behavior.
  • Ingestion points: LSP diagnostic messages and AST-grep scan results as described in SKILL.md.
  • Boundary markers: None identified to separate tool output from instructions.
  • Capability inventory: The skill uses Read, Write, Edit, and Bash tools to perform operations based on diagnostics.
  • Sanitization: No specialized sanitization is applied to the content received from external development tools.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 10:57 AM
Security Audit — agent-trust-hub — moai-workflow-loop