Skills
skills/moonbitlang/skills/moonbit-extract-spec-test/Gen Agent Trust Hub

moonbit-extract-spec-test

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill analyzes existing MoonBit source code to extract API specifications. This ingestion of untrusted data creates a surface for indirect prompt injection, where instructions hidden in code comments or string literals could attempt to influence the agent's behavior.
  • Ingestion points: MoonBit implementation files (.mbt) processed in Step 1.
  • Boundary markers: None specified to differentiate between source code and potential embedded instructions.
  • Capability inventory: File reading (analysis), file writing (generation of spec and test files), and shell command execution (moon check/test).
  • Sanitization: No explicit logic provided to sanitize or escape content extracted from the implementation code.
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute moon check and moon test via the command line. These are the official build and test tools for the MoonBit language provided by the vendor (moonbitlang) and are used here for their intended purpose of validating code integrity and correctness.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 16, 2026, 08:35 AM