inertia-rails-setup
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Categories: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The skill utilizes `npx shadcn@latest init` (and framework-specific variants) in Step 3. This pattern downloads and executes code directly from the npm registry at runtime, which is an unverified remote execution vector.
- [PROMPT_INJECTION] (HIGH): This skill exhibits a significant Indirect Prompt Injection surface (Category 8). It ingests untrusted data from `Gemfile` and `package.json` to determine its execution flow.
  - Ingestion points: `Gemfile` and `package.json` (SKILL.md Step 1).
  - Boundary markers: Absent; the skill does not use delimiters or instructions to ignore potential malicious content within the analyzed files.
  - Capability inventory: High. The skill can execute shell commands (`bundle add`, `npx`, `rails generate`) and write/modify files (`CLAUDE.md`, `tsconfig.json`, `app/resources/application_resource.rb`).
  - Sanitization: Absent; the skill relies on string matching within project files to decide which commands to execute without validating the content or source of those files.
- [COMMAND_EXECUTION] (HIGH): The skill performs multiple arbitrary shell operations including `bundle add [gems]`, `rails generate`, and `npx` initialization, which provide an attacker controlling the project files a path to execute arbitrary commands through the agent's environment.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill promotes the installation of several external Ruby gems and Node packages. While these are common libraries, they are downloaded from external registries at runtime without version pinning or integrity checks in the instructions.
Recommendations
- AI detected serious security threats
Audit Metadata