security-audit

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE
[COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local scripts located in the project's bin/ directory (bin/brakeman, bin/bundler-audit) and runs tests via bundle exec rspec. Executing local binaries from the target repository is an inherent risk of the audit process.
  • [PROMPT_INJECTION]: The skill analyzes external data (local source code), which provides a surface for indirect prompt injection. Malicious instructions hidden in code comments or strings could attempt to influence the agent during the audit process.
    • Ingestion points: Source code files in app/ and config/ directories (SKILL.md).
    • Boundary markers: No delimiters are specified to separate audited code from agent instructions.
    • Capability inventory: Local command execution (bin/brakeman, bin/bundler-audit, bundle exec rspec).
    • Sanitization: No sanitization is performed on code content before analysis.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 11, 2026, 12:15 AM