performance-optimization
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Prompt Injection] (HIGH): The skill is highly susceptible to indirect prompt injection due to its broad file-access permissions and write capabilities.\n
- Ingestion points: The agent uses
Read,Glob, andGrepto ingest content from Rails models, controllers, and configuration files.\n - Boundary markers: None. There are no instructions or delimiters defined to prevent the agent from following malicious instructions embedded within code comments or string literals in the files being analyzed.\n
- Capability inventory: The skill utilizes
Write,Edit, andBashtools, allowing it to modify the codebase or execute system-level commands.\n - Sanitization: None. The skill performs no validation on the code it analyzes before using it to inform its actions.\n- [Command Execution] (MEDIUM): The skill is granted use of the
Bashtool for environment setup and management tasks. While standard for Rails development, this capability can be exploited if the agent's logic is subverted through the aforementioned injection vulnerabilities.
Recommendations
- AI detected serious security threats
Audit Metadata