ruby-rails-application
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references dependencies that are hosted on official and well-known public registries.
- The provided Gemfile documentation points to https://rubygems.org, the official registry for Ruby libraries, to manage standard packages such as rails, pg, bcrypt, and jwt.
- [COMMAND_EXECUTION]: The instructions include the use of official command-line tools for application life-cycle management.
- The project setup guide details the use of the rails command-line interface for tasks such as project initialization (rails new) and database configuration (rails db:create).
- [PROMPT_INJECTION]: The skill facilitates the generation of application code based on user-provided requirements, which introduces a potential surface for indirect prompt injection.
- Ingestion points: User input is used to specify application features, data models, and business logic which the agent then converts into code.
- Boundary markers: The skill does not explicitly define markers for the generated code but heavily emphasizes adherence to Rails security conventions.
- Capability inventory: The skill utilizes the rails CLI for generating application structures and managing database environments.
- Sanitization: The skill's 'Best Practices' section explicitly mandates the use of strong parameters to filter user input and parameterized Active Record queries to mitigate SQL injection vulnerabilities.
Audit Metadata