a-plus-onboard-correction
Warn
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: Generates administrative Ruby scripts intended for execution on target servers. These scripts use `ActiveRecord` for direct database manipulation, including `create!`, `update_all`, and soft-delete (discard) operations.
- [COMMAND_EXECUTION]: Scripts interact with the application's background processing infrastructure by enqueuing Sidekiq jobs (`AttendancePlus::Job::SyncSchoolAttendance.perform_async`).
- [REMOTE_CODE_EXECUTION]: The skill's primary function is dynamic code generation. It constructs complete Ruby scripts that load the full application environment using `require_relative '../config/environment'`.
- [COMMAND_EXECUTION]: The skill is explicitly designed to bypass application-level safety guards (such as the `tiers_mutable?` check mentioned in `references/tiers.md`) to perform restricted database updates via direct `ActiveRecord` calls.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection where malicious user input could influence the generated script logic.
  - Ingestion points: User requests provided as "Business Language" (described in `SKILL.md`).
  - Boundary markers: None; the skill lacks delimiters or instructions to ignore embedded commands in user input.
  - Capability inventory: Perform database writes (`create!`, `update_all`), soft-deletes, and Sidekiq job enqueuing across all generated scripts.
  - Sanitization: None; user-provided strings and values are interpolated directly into Ruby code templates.
Audit Metadata