erb-to-squarekit-view-migration
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to perform local command-line operations using project-specific scripts and standard development tools.
- Evidence: Phase 3 and Phase 4 of SKILL.md include instructions to run commands like bundle exec rails generate, bin/dump_graphql_schema, npm run codegen, and npm run sync-translations.
- [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection as its core functionality involves the analysis of untrusted local source files while maintaining capabilities for shell execution and filesystem modification.
- Evidence:
- Ingestion points: Phase 0 and Phase 3 of SKILL.md require the agent to deeply read and map various local ERB templates, Ruby domain files, and GraphQL schemas which could contain malicious instructions.
- Boundary markers: Absent. No instructions are provided to the agent to use specific delimiters or to disregard instructions that might be embedded within the source code being analyzed.
- Capability inventory: The agent is tasked with file creation (PR splits), automated code generation, and shell execution of local scripts.
- Sanitization: Absent. The skill does not mention validating or escaping the content of the ingested source files before processing.
Audit Metadata