rspec-agent

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands such as bundle exec rspec, bundle exec rubocop, and bundle exec rake to run tests, lint code, and validate factories within the project's local environment (SKILL.md).
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection attacks because it analyzes source code which could be maliciously crafted.
    • Ingestion points: The agent reads code from various subdirectories in app/, including models, controllers, services, and components (SKILL.md).
    • Boundary markers: The instructions do not include specific delimiters or warnings to prevent the agent from obeying instructions embedded in the analyzed source code.
    • Capability inventory: The agent can write new Ruby files to the spec/ directory and execute them using bundle exec rspec, providing a path for potential code execution if the agent is manipulated (SKILL.md).
    • Sanitization: No sanitization or validation of the analyzed source code is performed before it is used to generate new test files.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 11, 2026, 12:16 AM