authorization-pundit
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): No security issues detected. The skill serves as a technical template for implementing resource-level authorization.
- EXTERNAL_DOWNLOADS (LOW): The skill references `bundle add pundit`. Pundit is a widely-used, trusted open-source Ruby gem for authorization. Following the [TRUST-SCOPE-RULE], this is considered a standard development dependency.
- COMMAND_EXECUTION (LOW): Uses standard Ruby on Rails CLI commands (`bin/rails generate`) to scaffold policies. These commands are local and routine for the described task.
- DATA_EXPOSURE (SAFE): The provided code samples utilize standard Rails patterns for data access (fixtures like `users(:one)`) and do not contain hardcoded credentials or access to sensitive system paths.
- INDIRECT_PROMPT_INJECTION (LOW): While the skill defines how an agent might handle authorization logic, it includes robust boundary markers such as `policy_scope` and `authorize` calls that act as security checkpoints, reducing the risk of unauthorized data access through the agent.
Audit Metadata