real-world-rails
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill instructs the agent to read and synthesize code from over 200 production Rails applications in the 'real-world-rails' repository, which creates an indirect prompt injection surface. Maliciously crafted content within those repositories (such as instructions hidden in code comments) could potentially hijack the agent's reasoning or influence its synthesis of patterns.
  - Ingestion points: The agent is directed to read files from the 'apps/' and 'engines/' subdirectories within the 'real-world-rails' local directory.
  - Boundary markers: The skill provides no delimiters or instructions for the agent to separate its core instructions from the content of the analyzed code, increasing the risk that the agent may follow instructions found within the code.
  - Capability inventory: The agent is encouraged to 'Spin up parallel agents' and 'Synthesize' its findings, meaning injected instructions could potentially influence secondary agents or the final analysis output.
  - Sanitization: No sanitization, escaping, or validation of the ingested code content is required or described in the skill instructions.
Audit Metadata