sandi-metz-rules
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): The instructions are focused on code analysis and refactoring. There are no attempts to override system prompts or bypass safety filters.
- [Data Exposure & Exfiltration] (SAFE): No network operations (curl, wget, etc.) or sensitive file paths are present. There are no hardcoded credentials or secrets.
- [Remote Code Execution] (SAFE): The skill does not download or execute remote scripts. It suggests the use of standard Ruby gems (RuboCop, Reek) for static analysis but does not invoke them.
- [Command Execution] (SAFE): No subprocess calls or arbitrary command execution patterns were found.
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest and analyze user-provided Ruby code. While this represents a surface for indirect prompt injection, the skill's narrow focus on structural code metrics (line counts, parameter counts) minimizes the risk of the agent obeying instructions embedded in the analyzed code.
Audit Metadata