solid-queue-coder
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to work with and configure existing codebases, creating an attack surface for indirect prompt injection.
- Ingestion points: Uses
Read,Grep, andGlobto ingest content from the filesystem (e.g., existing Rails configuration and job files). - Boundary markers: Absent. The skill lacks instructions to distinguish between its own logic and potentially malicious instructions embedded in the files it processes.
- Capability inventory: Possesses
Bash(arbitrary command execution) andWrite/Edit(filesystem modification) tools. - Sanitization: Absent. There is no logic to sanitize or validate the content of the files read before potentially using that information in a decision-making process or command generation.
- [Command Execution] (MEDIUM): The skill is explicitly granted
Bashtool access. While common for developer tools, in the context of an agent reading untrusted local files, this provides the primary mechanism for arbitrary code execution (ACE) if an injection occurs. - [Data Exposure & Exfiltration] (SAFE): The skill correctly uses environment variables (
ENV["DATABASE_URL"]) for sensitive configuration instead of hardcoding credentials, following Rails best practices.
Recommendations
- AI detected serious security threats
Audit Metadata