inertia-rails-ssr
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL COMMAND_EXECUTION EXTERNAL_DOWNLOADS
Full Analysis
- [Privilege Escalation] (MEDIUM): The skill instructs the user to use `sudo systemctl` to enable and start the SSR service. While this is a standard step for production deployment, it involves executing commands with administrative privileges.
- [Persistence Mechanisms] (MEDIUM): The documentation includes instructions for creating a systemd service file at `/etc/systemd/system/inertia-ssr.service`, which establishes a persistence mechanism to ensure the SSR server starts automatically on system boot.
- [Indirect Prompt Injection] (LOW): The SSR entry points ingest and process page data that may originate from untrusted sources.
  - Ingestion points: `app/frontend/ssr/ssr.js` (receives `page` props).
  - Boundary markers: Absent in the provided templates.
  - Capability inventory: `renderToString` and `ReactDOMServer.renderToString` are used to generate HTML output.
  - Sanitization: Relies on the default security features of Vue 3 and React.
- [Command Execution] (LOW): The setup guide suggests running build and process management commands such as `bin/vite build` and `pm2`, which are routine developer operations.
- [False Positive Alert] (SAFE): An automated scanner incorrectly flagged `Rails.logger.info` as a malicious URL. Technical analysis confirms this is a standard Ruby on Rails logging method used within a performance-tracking block and poses no security risk.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata