hotwire-coder
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- Prompt Injection (SAFE): The skill content is limited to technical Rails guidance and does not attempt to bypass safety filters or override agent behavior.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive local file paths, or exfiltration patterns were identified.
- Indirect Prompt Injection (LOW): The skill possesses a surface for indirect prompt injection via the processing of user-provided code. Evidence Chain:
  1. Ingestion points: User files processed via Read, Glob, and Grep tools.
  2. Boundary markers: Absent.
  3. Capability inventory: Bash, Write, Edit, and Read.
  4. Sanitization: Absent.
- Obfuscation (SAFE): No hidden, encoded, or obfuscated content was found in the documentation or code snippets.
- Remote Code Execution (SAFE): No patterns for downloading and executing untrusted remote code or unverifiable dependencies were detected.
Audit Metadata