Ruby Refactoring Expert
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill is designed to ingest and process external Ruby code provided by the user or found in the workspace.
  - Ingestion points: The skill uses `Read`, `Grep`, and `Glob` tools to load content from `.rb` files and Rails project directories.
  - Boundary markers: No specific boundary markers (like XML tags or 'IGNORE PREVIOUS' warnings) are defined in the instructions to protect the agent from instructions embedded in comments or strings within the processed Ruby code.
  - Capability inventory: The skill allows for deep analysis and proposal of code changes. While it doesn't explicitly list `Execute` or `Write` tools in the provided frontmatter, an agent with this skill in a development environment often has those tools. If the agent acts on instructions found inside the code it is 'refactoring', it could be coerced into malicious behavior.
  - Sanitization: There is no evidence of input sanitization or validation of the code content before analysis.
- Unverifiable Dependencies (SAFE): No external package managers (pip, npm) or remote script downloads are used.
- Data Exfiltration (SAFE): While the skill reads files, it does not have network access or tools that facilitate external communication.
- Credential Exposure (SAFE): No hardcoded API keys, tokens, or sensitive environment paths were detected in the skill definition.
Audit Metadata