active-job-coder

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION] (HIGH): Indirect prompt injection risk (Category 8). The skill is designed to ingest and process untrusted data from a codebase via the Read, Grep, and Glob tools, and it carries no boundary markers or instructions telling the model to treat text found in those files as data rather than as directions. Because the skill also has the Bash, Write, and Edit tools, an attacker who can place content in the repository (a source comment, a fixture, a README) could hide instructions there that trigger unauthorized command execution or introduce a backdoor during the refactoring pass. Evidence chain: 1. Ingestion points: file system via Read, Grep, Glob. 2. Boundary markers: absent. 3. Capability inventory: Bash, Write, Edit. 4. Sanitization: absent.
  • [COMMAND_EXECUTION] (MEDIUM): The skill is explicitly permitted to use the Bash tool. While a shell is reasonable for a Rails development agent, it raises the impact of any successful prompt injection: instructions smuggled in through file content can be turned directly into commands on the host system.
Recommendations
  • The analysis detected serious security threats. The findings above name the missing controls: wrap content read via Read, Grep, and Glob in boundary markers, instruct the model to treat that content as data and to disregard any instructions embedded in it, and sanitize file-derived text before it can influence Bash, Write, or Edit actions.
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 12:28 PM