moai-workflow-project
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill's documentation generation feature (generate_documentation_from_spec) ingests specification data to populate Markdown templates. This creates an indirect prompt injection surface where data from project files could contain instructions that might influence the agent. This is a low-risk surface inherent to documentation automation tools.
- [CREDENTIALS_UNSAFE]: The configuration schema (config-schema.json) includes an api_key field for translation services. This is a configuration placeholder for user-provided keys and not a hardcoded secret.
- [EXTERNAL_DOWNLOADS]: The skill supports automatic dependency installation during project initialization (auto_dependencies: true), which is a standard feature for development scaffolding tools. All external references are to official documentation or the author's repositories.
Audit Metadata