37signals-rails
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): The skill contains instructional directives that guide the AI agent to follow specific coding patterns (e.g., avoiding certain gems). These are functional constraints aligned with the skill's purpose and do not attempt to bypass safety filters or extract system prompts.
- [Data Exposure & Exfiltration] (SAFE): No sensitive file paths, hardcoded secrets, or exfiltration logic were found. Code examples for authentication use standard Rails security features like has_secure_password and generates_token_for.
- [Remote Code Execution] (SAFE): The skill does not perform any remote script execution or automated downloads. While it recommends specific gems like 'solid_queue', these are well-known, trusted libraries within the Rails ecosystem.
- [Obfuscation] (SAFE): All content is provided in clear text with no evidence of Base64 encoding, zero-width characters, or other obfuscation techniques.
- [Dynamic Execution] (SAFE): No use of eval, exec, or other unsafe dynamic code patterns. The code snippets provided are static examples for developer reference.