dspy-ruby
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill documents the DSPy::CodeAct module in references/core-concepts.md. This feature allows the LLM to generate and execute Ruby code at runtime to solve tasks. While intended for problem-solving, executing LLM-generated code is a high-risk activity that can lead to arbitrary code execution if the environment is not properly sandboxed.
- [PROMPT_INJECTION] (LOW): The skill demonstrates processing untrusted data through templates in assets/module-template.rb. This creates a surface for indirect prompt injection.
  - Ingestion points: the email_subject, email_body, and task parameters in assets/module-template.rb and assets/signature-template.rb.
  - Boundary markers: No explicit boundary markers (e.g., XML tags or delimiters) are implemented in the templates to isolate user input from instructions.
  - Capability inventory: The AgentModule utilizes several tools (SearchTool, CalculatorTool, DatabaseQueryTool) which could be subject to manipulation through injected commands in the input data.
  - Sanitization: No input sanitization or validation logic is present in the templates to filter potentially malicious instructions.
- [EXTERNAL_DOWNLOADS] (LOW): The references/providers.md file recommends the installation of various dspy-* gems. While these are legitimate library extensions, users should ensure they are sourced from trusted registries. This is noted as low risk because it follows standard library dependency patterns.
Audit Metadata