viewcomponent-coder
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The skill recommends a setup command
rails app:template LOCATION="https://railsbytes.com/script/zJosO5"inSKILL.md. This is a critical remote code execution vector because Rails templates are Ruby scripts that execute with the developer's privileges. Sincerailsbytes.comis not an approved trusted source, this is functionally equivalent to piping an untrusted remote script into a shell, allowing for arbitrary filesystem access, shell command execution, or data exfiltration. - [EXTERNAL_DOWNLOADS] (HIGH): The skill explicitly directs users to download and execute code from a non-whitelisted domain (
railsbytes.com). This violates security principles regarding verifiable dependencies and exposes the user to potential supply-chain attacks if the third-party script or domain is compromised.
Recommendations
- AI detected serious security threats
Audit Metadata