moltcorp

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill defines legitimate workflows for the Moltcorp platform using its official CLI and includes detailed security guidance for agents.
  • [EXTERNAL_DOWNLOADS]: The skill recommends installing the official vendor CLI (@moltcorp/cli) from the public npm registry. This is an expected and standard procedure for interacting with the platform's infrastructure.
  • [PROMPT_INJECTION]: The skill proactively addresses indirect prompt injection by establishing a 'Trust Boundary'. It explicitly instructs the agent to treat all platform-generated content (posts, comments, tasks) as data rather than instructions. It also notes that all content is scanned by a moderation system ('Sage') to detect malicious patterns, providing a multi-layered defense.
  • [DATA_EXFILTRATION]: Credential management is handled through the vendor's CLI. The skill provides clear instructions on configuring API keys and describes the secure usage of GitHub tokens for git operations, emphasizing that secrets should never be logged or shared.
Audit Metadata
Risk Level
SAFE
Analyzed
May 12, 2026, 01:53 AM