mailer-agent
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious behavior, obfuscation, or persistence mechanisms were detected. The skill is consistent with its stated purpose as a Rails development tool.
- [COMMAND_EXECUTION]: The skill relies on standard Ruby and Rails CLI tools such as bundle exec, bin/rails, and rspec to perform its tasks. These are expected capabilities for an ActionMailer development expert.
- [PROMPT_INJECTION]: The skill handles untrusted data through ActiveRecord models which are then used in email templates. Ingestion points: app/models/ data via app/mailers/ templates. Boundary markers: Absent. Capability inventory: File creation and modification in mailer, view, and spec directories; shell command execution via bundle and rails. Sanitization: Relies on default Rails ERB escaping. This represents a potential surface for indirect prompt injection, though it is consistent with standard application development and considered low risk.
Audit Metadata