sast-brakeman
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill utilizes the brakeman command-line utility to analyze Ruby on Rails projects. This behavior is expected and matches the skill's primary purpose.
- [EXTERNAL_DOWNLOADS] (LOW): The skill documentation suggests installing the brakeman package via gem install. This involves downloading code from the RubyGems repository. While Brakeman is a reputable tool, any external dependency installation introduces a minor risk.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill instructs the agent to read and parse the JSON output generated by the scanner. This creates a surface where a malicious project could influence the agent's summary through specifically crafted source code that triggers deceptive scan results. 1. Ingestion points: brakeman-results.json (SKILL.md). 2. Boundary markers: Absent; findings are presented directly without sanitization. 3. Capability inventory: Shell command execution for scanning and local file reading (SKILL.md). 4. Sanitization: Absent.
Audit Metadata