dhh-rails-expert
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill processes untrusted external content (Rails source code) and possesses the capability to suggest or write code.
  - Ingestion points: Processes Rails code files and potentially pull request data provided during interaction.
  - Boundary markers: Absent. There are no instructions to the agent to treat input code as data only or to ignore embedded instructions.
  - Capability inventory: Writing new Rails code, reviewing code, and making architectural decisions are high-impact capabilities if influenced by malicious input.
  - Sanitization: None provided in the instructions.
- External References (LOW): The skill mandates reading 'references/style-guide.md'. While this is a local reference, the safety of the skill depends on the contents of this unprovided file and the agent's ability to distinguish it from untrusted code.
Recommendations
- AI detected serious security threats