Skills
skills/pietz/moa-cli/moa/Gen Agent Trust Hub

moa

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install an external Python package, moa-cli, using the uv tool manager (uv tool install moa-cli).
  • [COMMAND_EXECUTION]: The skill is designed to interact with the system shell by executing the moa CLI and its subcommands (ask, distill, debate, doctor, config). It also coordinates the execution of other local agent CLIs like claude, codex, agy, and opencode.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface when ingesting data from external files or pipes using the -f flag.
  • Ingestion points: Prompts read from local files or stdin via the -f flag in SKILL.md.
  • Boundary markers: None identified in the provided instructions to delimit untrusted input from system instructions.
  • Capability inventory: Executes shell commands via the moa CLI and fanned-out agent CLIs.
  • Sanitization: No input validation or sanitization steps are documented for the content passed to the secondary agents.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 02:01 PM
Security Audit — agent-trust-hub — moa