claude-agent-ruby
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill serves as a technical reference for the claude-agent-sdk gem and does not contain malicious instructions, obfuscation, or unauthorized access attempts.
- [COMMAND_EXECUTION]: The documentation includes standard Ruby development commands like bundle show and ruby -e to facilitate locating the installed gem path and its documentation on the local filesystem.
- [PROMPT_INJECTION]: The skill facilitates the processing of untrusted user input through the SDK's query and interactive client interfaces, creating a surface for indirect prompt injection.
  - Ingestion points: The query() and Client.query() methods described in SKILL.md and usage-map.md.
  - Boundary markers: No specific delimiters or instructions to ignore embedded commands are included in the provided code skeletons.
  - Capability inventory: The SDK supports subprocess execution (via MCP tool servers), network configuration, and file system operations (checkpointing).
  - Sanitization: The skill does not explicitly detail input sanitization or validation logic for the processed prompts.
Audit Metadata