presenter-agent
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute development commands including
bundle exec rspecandbundle exec rubocopto test and lint the generated code. These are standard operations for a Ruby on Rails development assistant. - [EXTERNAL_DOWNLOADS]: The
UserPresenterandPostPresentercode templates include references to well-known external services. Specifically, it generates URLs for Gravatar (gravatar.com) for avatars and Twitter (twitter.com) for social sharing. These are neutral, well-known service integrations. - [INDIRECT_PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it is designed to ingest and format data from ActiveRecord models (e.g.,
Post#body,User#email) that may contain untrusted user content. - Ingestion points: Data is read from model attributes in
app/presenters/files. - Boundary markers: The generated presenter code does not include explicit instructions to ignore embedded prompts within the formatted data.
- Capability inventory: The agent can create/modify files in
app/presenters/andspec/presenters/, and execute shell commands viabundle exec. - Sanitization: The code leverages standard Rails helpers like
content_tag,link_to, andCGI.escapewhich provide HTML escaping and URL encoding, reducing the risk of XSS or malformed URL injection.
Audit Metadata