dhh-rails-reviewer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- No Code (SAFE): The skill consists entirely of markdown instructions and does not include any scripts, binaries, or executable logic.
- Prompt Injection (SAFE): While the instructions use forceful language and direct the AI to be 'ruthless,' these are stylistic constraints for the persona and do not attempt to override system-level safety filters or instructions.
- Indirect Prompt Injection (LOW): The skill is designed to process user-provided code snippets which are untrusted. 1. Ingestion points: Rails code and architectural plans provided by the user in the prompt context. 2. Boundary markers: Absent; there are no clear delimiters separating user-provided data from system instructions. 3. Capability inventory: The skill is limited to generating text-based feedback and lacks file system or network access. 4. Sanitization: No sanitization or validation of the input code is performed.
Audit Metadata