skills/dchuk/rails_ai_agents/install/Gen Agent Trust Hub

install

Pass

Audited by Gen Agent Trust Hub on Feb 13, 2026

Risk Level: LOW
COMMAND_EXECUTION
Full Analysis

================================================================================

✅ VERDICT: SAFE

This skill is a set of instructions for bootstrapping a new Rails 8 application. All commands and code snippets provided are standard and benign for this purpose. The skill does not contain any malicious patterns, attempts at data exfiltration, privilege escalation, or persistence mechanisms. The use of bundle install to fetch dependencies is a standard practice in Ruby/Rails development and relies on trusted package sources (RubyGems.org).

Total Findings: 1

ℹ️ TRUSTED SOURCE References:

  • Unverifiable Dependencies
    • Line 147: The skill instructs the user to run bundle install, which installs Ruby gems from external sources. RubyGems.org is considered a trusted source, and the listed gems (debug, brakeman, rubocop-rails-omakase, bullet) are standard development tools. This is noted as an informational finding due to reliance on external code, but does not elevate the overall risk.

================================================================================

Detailed Breakdown:

  • Metadata Poisoning: No malicious instructions were found in the skill's name, description, or allowed-tools metadata. The allowed-tools (Read, Write, Edit, Bash, Glob, Grep) grant significant capabilities, but the skill's instructions use them benignly for application setup.
  • Prompt Injection: No prompt injection patterns (e.g., IMPORTANT: Ignore, role-play instructions) were detected in the markdown content.
  • Data Exfiltration: No commands attempting to read sensitive files (e.g., ~/.aws/credentials, ~/.ssh/id_rsa) or exfiltrate data to external, untrusted domains were found.
  • Obfuscation: No obfuscation techniques (Base64, zero-width characters, homoglyphs, URL/hex/HTML encoding) were detected in the skill's content.
  • Unverifiable Dependencies: The skill instructs the user to run bundle install (Line 147). This command installs Ruby gems from external sources. While this introduces external code, RubyGems.org is a trusted package repository, and the specific gems listed in the Gemfile are standard and reputable development tools. This is noted as an informational finding (LOW severity) due to the trusted nature of the source and the necessity for the skill's function.
  • Privilege Escalation: No sudo, doas, chmod on system files, or other privilege escalation attempts were found. All operations are confined to the user's project directory.
  • Persistence Mechanisms: No attempts to establish persistence (e.g., modifying .bashrc, crontab, authorized_keys) were found.
  • Indirect Prompt Injection: The skill does not process external user-supplied content in a way that would lead to indirect prompt injection, so this threat category is not directly applicable to the skill's operation.
  • Time-Delayed / Conditional Attacks: No conditional logic for time-delayed or environment-specific malicious actions was detected.

Audit Metadata

  • Risk Level: LOW
  • Analyzed: Feb 13, 2026, 08:00 AM