The Agent Skills Directory

SAFE (SAFE): A comprehensive review of all 14 files, including templates, YAML patterns, and workflow instructions, confirms that the skill is a legitimate developer tool. No signs of obfuscation, credential theft, or unauthorized network activity were found.
Dynamic Execution (LOW): The skill generates shell scripts (e.g., detect_rails_80_changes.sh) from a predefined template (detection-script-template.sh) to search for version-specific breaking changes. These scripts use standard, non-destructive Unix commands like grep, find, and wc. This behavior is central to the skill's primary purpose and is implemented safely.
Indirect Prompt Injection (LOW): The tool's workflow involves reading project-specific files such as the Gemfile and config/application.rb to personalize its upgrade reports. While this involves processing untrusted user data, the ingestion is intended for analysis and reporting, posing minimal risk in the context of a code-auditing assistant.

rails-upgrade-assistant