inertia-rails
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS
Full Analysis
- SAFE (SAFE): The skill provides architectural guidance and code templates for legitimate development. No malicious behavior, prompt injection, or obfuscation was detected.
- EXTERNAL_DOWNLOADS (LOW): The skill utilizes standard package managers (Bundler, NPM) to install dependencies such as `inertia_rails` and `@inertiajs/react`. It also documents the use of `npx shadcn@latest` for UI component setup, which involves executing code from the npm registry.
- Indirect Prompt Injection (LOW): A vulnerability surface for Cross-Site Scripting (XSS) is identified in `workflows/create-page.md` through the use of `dangerouslySetInnerHTML={{ __html: post.body }}`. Evidence Chain:
  1. Ingestion points: `post.body` variable in the React component.
  2. Boundary markers: Absent.
  3. Capability inventory: Rendering of arbitrary HTML in the user's browser.
  4. Sanitization: Absent in the provided code snippet.

  This pattern can be dangerous if the source data is not properly sanitized before being passed to the frontend.
Audit Metadata