rails-active-storage

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): Technical documentation in 'file-operations.md' demonstrates the use of 'system' with string interpolation: 'system "ffmpeg -i #{file.path}"'. This pattern is vulnerable to command injection if an attacker can influence the filename or temporary storage path, which is possible in many Active Storage configurations.
  • [REMOTE_CODE_EXECUTION] (HIGH): The utility scripts 'upload_document.rb' and 'generate_variants.rb' use the '.constantize' method directly on inputs from 'ARGV'. This allows an attacker who can execute the script to instantiate any arbitrary class available in the Rails environment, serving as a primary vector for remote code execution.
  • [PROMPT_INJECTION] (HIGH): The skill is susceptible to Indirect Prompt Injection (Category 8) due to its core function of processing untrusted external content (user-uploaded files) combined with dangerous execution capabilities.
    1. Ingestion points: 'has_one_attached' and 'has_many_attached' attachment fields.
    2. Boundary markers: Absent in documentation and processing examples.
    3. Capability inventory: 'system()' calls for media processing (ffmpeg/poppler), '.constantize()' for class resolution, and raw SQL execution in 'examples.md'.
    4. Sanitization: No evidence of shell escaping, class whitelisting, or SQL parameterization is provided in the relevant sections.
Recommendations
  • AI detected serious security threats
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 15, 2026, 04:19 PM