action-view
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is strictly educational, providing documentation and code patterns for Rails developers.
- [DATA_EXPOSURE]: No hardcoded credentials, API keys, or access to sensitive local file paths (e.g., .ssh, .env) were detected.
- [REMOTE_CODE_EXECUTION]: There are no patterns involving the download and execution of remote scripts (e.g., curl | bash) or the installation of untrusted packages.
- [PROMPT_INJECTION]: The content does not contain instructions designed to bypass agent safety filters or override system instructions.
- [INDIRECT_PROMPT_INJECTION]: While the skill provides templates for handling user-generated content in web views, it correctly documents and demonstrates the use of sanitization helpers like
sanitizeandstrip_tagsto prevent XSS. It does not ingest untrusted data into the agent's own execution context.
Audit Metadata