inertia-rails-setup
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION)
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (HIGH): The skill recommends cloning starter kits from 'github.com/inertia-rails', which is not a verified trusted organization, and then executing 'bin/setup'.
- Dynamic Execution (MEDIUM): The provided frontend configuration uses 'import.meta.glob' with computed string keys to dynamically resolve and load page components.
- Indirect Prompt Injection (LOW): The setup establishes a surface where untrusted data (flash messages and user data) enters the application context.
  1. Ingestion points: application_controller.rb (flash, user data).
  2. Boundary markers: Absent.
  3. Capability inventory: Full web application logic and potential subprocess execution via Ruby.
  4. Sanitization: Relies on default Rails HTML escaping.
Recommendations
- AI detected serious security threats