ruler-rules-init
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill injects a postinstall script into the target repository's package.json that runs 'pnpm dlx @intellectronica/ruler@latest'. This configuration triggers the automatic download and execution of external code from the public NPM registry whenever dependencies are installed. The use of the @latest tag instead of a pinned version increases the risk of supply chain attacks.
- [COMMAND_EXECUTION]: The bootstrap-ruler.mjs script performs extensive file system operations, including reading and writing critical configuration files like package.json and .gitignore. With the --force flag, the script can overwrite existing postinstall commands, potentially disrupting existing workflows and removing existing security or setup checks.
- [EXTERNAL_DOWNLOADS]: The skill depends on fetching the @intellectronica/ruler package from an external registry (NPM) at runtime.
- [PROMPT_INJECTION]: The skill creates an attack surface for indirect prompt injection by generating .ruler/*.md files. These files are intended to be read by AI agents as instructions, establishing a channel where external guidelines can influence the agent's behavior on the codebase. While the provided templates appear benign, the ingestion of these files by agents represents a significant instruction-following surface.