hotwire
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill directs the agent to hotwire.dev for additional documentation. Ingestion point: external website. Boundary markers: absent. Capability inventory: high (Rails development environment). Sanitization: absent. While this is a trusted resource, processing external content is an inherent surface for indirect prompt injection.
- [External Downloads] (INFO): The skill provides a configuration example for loading the lodash library from a public CDN (jspm.io) using import maps. This is a standard and recommended practice in the Rails ecosystem for managing JavaScript dependencies.
Audit Metadata