database-migrations

Pass

Audited by Gen Agent Trust Hub on Feb 13, 2026

Risk Level: LOW

NO_CODE

Full Analysis

The skill 'database-migrations' is a documentation-only skill that outlines best practices and patterns for creating database migrations in Ruby on Rails. It contains code examples in bash and Ruby (ActiveRecord migrations) but does not include any executable scripts that would run automatically as part of the skill's operation.

  1. Prompt Injection: No patterns indicative of prompt injection (e.g., 'IMPORTANT: Ignore', role-play instructions, developer mode activation) were found. The language is instructional and technical.
  2. Data Exfiltration: The skill does not contain any commands or code that attempt to read sensitive files (e.g., ~/.aws/credentials, ~/.ssh/id_rsa) or send data to external, non-whitelisted domains. The bash commands shown are standard Rails CLI commands.
  3. Obfuscation: No obfuscation techniques such as Base64 encoding, zero-width characters, Unicode homoglyphs, or URL/hex/HTML encoding were detected. The content is clear and readable.
  4. Unverifiable Dependencies: The skill describes patterns for using Ruby on Rails and ActiveRecord, which are standard frameworks. It does not include commands to install external, unverified packages (e.g., npm install, pip install) or download code from untrusted sources.
  5. Privilege Escalation: No commands like 'sudo', 'doas', 'chmod +x', or attempts to modify system files or install services were found. The commands are standard development operations.
  6. Persistence Mechanisms: There are no attempts to establish persistence, such as modifying shell configuration files (~/.bashrc), creating cron jobs, or altering SSH authorized_keys.
  7. Metadata Poisoning: The skill's name and description in the YAML front matter are benign and accurately reflect the skill's purpose. No malicious instructions were hidden in metadata.
  8. Indirect Prompt Injection: This skill is a static guide and does not process external user-supplied data in a way that would make it susceptible to indirect prompt injection.
  9. Time-Delayed / Conditional Attacks: No conditional logic designed to trigger malicious behavior based on time, usage, or environment variables was detected.

Overall, the skill is a benign informational resource. It does not contain any active threats or malicious code.

Audit Metadata
Risk Level: LOW
Analyzed: Feb 13, 2026, 08:00 AM