moai-lang-ruby

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [Prompt Injection] (SAFE): The skill contains no instructions attempting to override system prompts, bypass safety filters, or extract underlying instructions.
  • [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, API keys, or sensitive file paths (like ~/.ssh or ~/.aws) were detected. The network surface is limited to standard package management via RubyGems.
  • [Unverifiable Dependencies] (SAFE): The skill utilizes standard dependency management (Gemfile/Bundler) pointing to the official 'rubygems.org' source. There are no patterns involving piped remote script execution (e.g., curl|bash).
  • [Command Execution] (SAFE): Access to the Bash tool is strictly prefixed and limited to necessary development utilities such as ruby, gem, bundle, rake, rspec, rubocop, and rails.
  • [Security Best Practices] (SAFE): The skill includes a dedicated 'Security Best Practices' section in its documentation, correctly demonstrating how to prevent SQL injection, implement CSRF protection, and use strong parameters in Rails controllers.
  • [Persistence & Privilege Escalation] (SAFE): There are no attempts to modify shell profiles, set up cron jobs, or use elevated privileges (sudo).
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:28 PM