rails-audit
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill's subagents (documented in agents/simplecov_agent.md and agents/rubycritic_agent.md) instruct the AI to install and execute third-party Ruby gems and the project's own test suite (e.g., bundle exec rspec). This involves executing code from external registries and the local project on the host environment.
- [COMMAND_EXECUTION]: The audit flow requires the execution of shell commands to perform setup tasks, gather metrics, and manage project state. Examples include bundle install, git stash, and bin/spring stop, which are executed during the opt-in metrics collection phase.
- [EXTERNAL_DOWNLOADS]: The skill triggers the download of Ruby packages from the public RubyGems registry through the bundle install command during setup.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface. It uses Read, Glob, and Grep tools to process the entire target application's codebase (including app/, lib/, and spec/) without employing boundary markers or instructions to isolate untrusted file content. Malicious code or comments within the audited project could potentially influence the agent's behavior during the analysis phase.
Audit Metadata