moai-lang-ruby
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHCOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is designed to process untrusted external data (Ruby code, Gemfiles) and has powerful write/execute capabilities through Bash access. This creates a high-tier attack surface where malicious instructions embedded in a project's files could potentially influence agent actions. [Evidence Chain: 1. Ingestion Points: Ruby source files, Gemfiles, Rakefiles. 2. Boundary Markers: None explicitly defined in the instructions. 3. Capability Inventory: Bash access for ruby, rails, bundle, rake, rspec, and rubocop. 4. Sanitization: The skill provides no runtime sanitization of processed data, although its documentation promotes safe coding practices.]
- Command Execution (LOW): The skill requests permission to execute specific Ruby-related shell commands. This is a functional requirement but contributes to the high-tier capability inventory for indirect injection.
- External Downloads (INFO): The skill references rubygems.org for dependency management. This is considered a trusted source per [TRUST-SCOPE-RULE].
Recommendations
- AI detected serious security threats
Audit Metadata