rails-query-object
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: PROMPT_INJECTION, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is highly vulnerable to indirect prompt injection because it transforms user-provided descriptions of database queries into executable Ruby code and test files.
- Ingestion points: User prompts describing "queries, stats, dashboards, or data aggregation" as defined in the skill metadata.
- Boundary markers: No explicit delimiters or instructions are provided to sanitize or isolate user input before it is interpolated into code templates.
- Capability inventory: The skill uses 'Write' to create files in 'app/queries/' and 'test/queries/', and 'Bash' to execute 'bin/rails test'.
- Sanitization: No sanitization logic is present to prevent escaping the Ruby string/code context.
- Command Execution (HIGH): The skill explicitly uses the 'Bash' tool to execute 'bin/rails test'. Because this command runs code generated from user-controlled input, it facilitates Remote Code Execution (RCE) if the generated code is malicious.
- Dynamic Execution (MEDIUM): The skill follows a pattern of script generation and execution (Category 10). It writes '.rb' files to the filesystem and then executes them within the Rails environment. This is a standard but high-risk development pattern for an AI agent.
- False Positive Alert (INFO): The automated scan flagged 'Lead.statuses.keys.ma' as a phishing URL. This is a false positive; the string is part of the Ruby method chain 'keys.map(&:to_sym)', where the scanner misidentified the '.map' method as a '.ma' TLD.
Recommendations
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata