NYC

active-storage-setup

Pass

Audited by Gen Agent Trust Hub on Feb 13, 2026

Risk Level: LOW
EXTERNAL_DOWNLOADS
Full Analysis
  1. Prompt Injection: No patterns indicative of prompt injection (e.g., 'IMPORTANT: Ignore', 'jailbreak' phrases) were detected. The language is purely instructional.
  2. Data Exfiltration: The skill references AWS credentials via Rails.application.credentials.dig in a configuration snippet. This is a standard and secure method for accessing encrypted credentials in Rails; the skill describes its use but does not attempt to exfiltrate any sensitive data. No curl, wget, or similar commands are used to send data to external, non-whitelisted domains.
  3. Obfuscation: No obfuscation techniques such as Base64 encoding, zero-width characters, homoglyphs, or URL/hex/HTML encoding were detected within the skill's content.
  4. Unverifiable Dependencies: The skill instructs the user to run bundle add image_processing and mentions gem "active_storage_validations". These commands install Ruby gems from the RubyGems.org registry. While RubyGems.org is a widely used and generally trusted package registry, these are external dependencies. The JavaScript import @rails/activestorage refers to a component of the Rails framework itself, which is a trusted, internal dependency. The external gem installations are noted as a LOW severity finding due to being standard dependencies from a trusted package ecosystem.
  5. Privilege Escalation: No commands like sudo, chmod +x, chmod 777, or instructions for service/daemon installation were found.
  6. Persistence Mechanisms: No patterns indicating attempts to establish persistence (e.g., modifying shell profiles, creating cron jobs, or altering SSH authorized_keys) were detected.
  7. Metadata Poisoning: The skill's metadata (name, description, allowed-tools) is benign and accurately reflects its stated purpose. No malicious instructions were found embedded in these fields.
  8. Indirect Prompt Injection: The skill itself is instructional and does not process external user-supplied content, thus it is not directly vulnerable to indirect prompt injection. It describes setting up a system that might process user content (file uploads), but this is a risk for the user's application, not the skill itself.
  9. Time-Delayed / Conditional Attacks: No conditional logic (e.g., date/time checks, usage counters, environment-specific triggers) that could enable time-delayed or conditional malicious behavior was found.
Audit Metadata
Risk Level: LOW
Analyzed: Feb 13, 2026, 08:00 AM