rails-generators
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill consists of technical documentation and ERB templates for automating Ruby on Rails development tasks.
- [COMMAND_EXECUTION]: The documentation includes examples of using the Thor `run` method to execute shell commands like `bundle install`, `yarn add`, and `rails db:migrate`. These are standard patterns for Rails generators and are presented in an educational context.
- [PROMPT_INJECTION]: The skill describes an indirect prompt injection surface where user-provided arguments (e.g., model names, dependencies) are interpolated into generated code and file paths.
  - Ingestion points: Arguments and `class_option` declarations in `SKILL.md` and reference files.
  - Boundary markers: Not explicitly present in generated code templates.
  - Capability inventory: File writing (`create_file`, `template`), file modification (`insert_into_file`, `gsub_file`), and shell execution (`run`) via Thor actions.
  - Sanitization: The examples correctly utilize Rails built-in sanitization helpers such as `file_name`, `class_name`, and `table_name` to handle user input.
- [EXTERNAL_DOWNLOADS]: Mentions of external packages and repositories (e.g., `generator_spec` on RubyGems and official Rails documentation on GitHub) are documented neutrally and point to well-known, trusted sources.