ruby-gems-bundler
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill references standard and trusted package sources like rubygems.org. While it includes commands to install software (bundle install, gem install), these are the primary intended functions of the skill and follow standard Ruby development workflows.
- [COMMAND_EXECUTION] (SAFE): Shell commands are restricted to package management and local development tasks (e.g., bundle exec, gem build). No obfuscated commands, privilege escalation (sudo), or piped remote script executions (curl | bash) were detected.
- [CREDENTIALS_UNSAFE] (SAFE): The skill explicitly lists 'Don't hardcode credentials' as a best practice under its Anti-Patterns section. Examples involving private repository access use clear placeholders like 'your-token' and 'your-username'.
- [DATA_EXFILTRATION] (SAFE): No commands were found that attempt to access sensitive system files (~/.ssh, etc.) or transmit local data to unauthorized external domains.
Audit Metadata