moai-workflow-project

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill's documentation generation feature (generate_documentation_from_spec) ingests specification data to populate Markdown templates. This creates an indirect prompt injection surface where data from project files could contain instructions that might influence the agent. This is a low-risk surface inherent to documentation automation tools.
  • [CREDENTIALS_UNSAFE]: The configuration schema (config-schema.json) includes an api_key field for translation services. This is a configuration placeholder for user-provided keys and not a hardcoded secret.
  • [EXTERNAL_DOWNLOADS]: The skill supports automatic dependency installation during project initialization (auto_dependencies: true), which is a standard feature for development scaffolding tools. All external references are to official documentation or the author's repositories.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 10:57 AM
Security Audit — agent-trust-hub — moai-workflow-project