Skills
NYC
skills/dchuk/rails_ai_agents/caching-strategies/Gen Agent Trust Hub

caching-strategies

Pass

Audited by Gen Agent Trust Hub on Feb 13, 2026

Risk Level: LOWNO_CODE
Full Analysis

The skill 'caching-strategies' is a markdown file (SKILL.md) that serves as a comprehensive guide to implementing various caching patterns in Rails applications. It includes code snippets for Ruby and ERB, and a single shell command bin/rails dev:cache which is a standard, benign Rails command to enable development caching.

  1. Prompt Injection: No patterns indicative of prompt injection (e.g., 'IMPORTANT: Ignore', 'CRITICAL: Override', role-play injection) were found in the skill's description or content.
  2. Data Exfiltration: The skill does not contain any commands or instructions that attempt to read sensitive files or send data to external, non-whitelisted domains.
  3. Obfuscation: No obfuscation techniques such as Base64 encoding, zero-width characters, homoglyphs, or URL/hex/HTML encoding were detected.
  4. Unverifiable Dependencies: The skill describes Rails features and assumes a Rails environment. It does not instruct the agent to install any external, unverified dependencies via package managers or direct downloads from untrusted sources.
  5. Privilege Escalation: There are no commands or instructions that attempt to gain elevated privileges (e.g., sudo, chmod 777, modifying system files).
  6. Persistence Mechanisms: No attempts to establish persistence (e.g., modifying shell profiles, creating cron jobs, or systemd services) were found.
  7. Metadata Poisoning: The skill's name and description are benign and accurately reflect its purpose. No malicious instructions were found hidden in metadata fields.
  8. Indirect Prompt Injection: This skill is informational and does not process external user-supplied content, so it is not susceptible to indirect prompt injection.
  9. Time-Delayed / Conditional Attacks: No conditional logic or time-based triggers for malicious behavior were identified.

The allowed-tools list includes Read, Write, Edit, Bash, Glob, Grep. While these tools grant significant capabilities to the agent, the content of this specific skill does not instruct the agent to use them in a malicious way. The skill itself is a static knowledge base.

Audit Metadata
Risk Level
LOW
Analyzed
Feb 13, 2026, 08:00 AM