gem-builder
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill references and suggests the use of various gems (searchkick, lockbox, pghero, ahoy) and links to an external GitHub account ('ankane') which is not in the defined trusted scope per [TRUST-SCOPE-RULE].
- [REMOTE_CODE_EXECUTION] (HIGH): Recommended workflows involve 'bundle install' and 'bundle exec' commands, which download and execute code from external registries (RubyGems) or GitHub repositories.
- [COMMAND_EXECUTION] (MEDIUM): The 'Bash' tool is enabled and templates use 'IO.popen' for subprocess execution in the gemspec, creating a broad attack surface for command injection if directory names or environment variables are manipulated.
- [DYNAMIC_EXECUTION] (MEDIUM): The DSL templates demonstrate the use of 'module_eval' and 'define_method' to generate and execute code at runtime, a technique that can be exploited if interpolated with untrusted data.
- [INDIRECT_PROMPT_INJECTION] (HIGH): Mandatory Evidence Chain:
  1. Ingestion points: Agent processes user-provided code or requirements for gem creation (SKILL.md).
  2. Boundary markers: Absent.
  3. Capability inventory: Bash, Write, Edit, MultiEdit tools.
  4. Sanitization: Absent. The skill lacks instructions to sanitize or isolate untrusted code before applying templates.
Recommendations
- AI detected serious security threats
Audit Metadata