rails
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) as it processes and stores untrusted project data without explicit boundaries.
  1. Ingestion points: User prompts and data retrieved via memoryStore(SKILL.md).
  2. Boundary markers: Absent; the workflow does not use delimiters to isolate untrusted data from instructions.
  3. Capability inventory: Writing files to /claudedocs/ and updating persistent memory via memoryStore.update(SKILL.md).
  4. Sanitization: Absent; no validation or escaping of external content is performed.
- [DATA_EXFILTRATION] (SAFE): The skill restricts file operations to a specific local directory (/claudedocs/) and internal memory stores. No network exfiltration or sensitive file access (e.g., SSH keys) was detected.
- [REMOTE_CODE_EXECUTION] (SAFE): No remote script execution, package installation, or dynamic evaluation of untrusted input was identified.
Audit Metadata