moai-workflow-spec
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill defines a structured approach for requirement engineering using the EARS (Easy Approach to Requirements Syntax) format, which promotes clarity and reduces ambiguity in project planning.
- [SAFE]: Command execution is limited to benign Git, file system (ls, mkdir, find), and text processing (grep, wc) operations necessary for project organization and migration.
- [SAFE]: The provided templates for authentication and payment processing demonstrate security best practices, such as using bcrypt for hashing, JWT for tokens, and emphasizing PCI DSS compliance principles.
- [SAFE]: The skill uses placeholders for sensitive configuration (e.g.,
<RSA_PRIVATE_KEY>) rather than hardcoding actual credentials. - [SAFE]: The documentation includes a bash script for validating project structure that uses only standard, low-risk utilities.
Audit Metadata