Skills
skills/shoebtamboli/rails_claude_skills/rails-api-controllers/Gen Agent Trust Hub

rails-api-controllers

Fail

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill contains a SQL injection vulnerability in the filtering and sorting implementation within SKILL.md. User-provided parameters are directly concatenated into an ActiveRecord query. Specifically, the variables sort_column and sort_direction, derived from params[:sort_by] and params[:order], are interpolated into the @articles.order() method without validation. An attacker could exploit this to manipulate database queries, potentially leading to unauthorized data extraction or modification.
  • [EXTERNAL_DOWNLOADS]: The skill references several external dependencies for core functionality. These include well-known Ruby gems such as jwt, rack-cors, rack-attack, kaminari, pagy, and rswag. These are trusted, industry-standard libraries within the Rails ecosystem and are documented neutrally as intended configuration tools.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 1, 2026, 05:32 PM