rails-debugger
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): Detected potential for Indirect Prompt Injection (Category 8) due to the skill's core function of analyzing application logs.
  - Ingestion points: The skill reads `log/development.log` using `tail` and `grep` to diagnose errors.
  - Boundary markers: Absent. There are no instructions to ignore or delimit instructions found within the logs.
  - Capability inventory: The skill is granted `Bash`, `Read`, `Grep`, and `Glob` tools, providing a significant surface for command execution or file modification if an injection is successful.
  - Sanitization: Absent. Log content is processed directly for analysis.
  - Context: An attacker who can influence log output (e.g., via web request parameters that get logged) could attempt to inject instructions for the agent to execute while it is debugging the logs.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill includes `bundle install`, which downloads external Ruby gems. While this involves network activity and package installation, it is the standard and expected behavior for a Rails development tool and is considered low risk in this specific context.
- [COMMAND_EXECUTION] (SAFE): The skill uses `Bash` to run diagnostic commands like `git log`, `bin/rails routes`, and `bundle check`. These are restricted to standard development workflows and do not show signs of privilege escalation or malicious intent.
Audit Metadata