dspy-ruby

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFE
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The framework explicitly supports a CodeAct module (via the dspy-code_act gem) designed to synthesize and execute Ruby code at runtime. This capability allows for sophisticated agentic behavior but introduces a critical execution surface for untrusted, LLM-generated code.
  • [COMMAND_EXECUTION]: The library provides built-in toolsets such as the GitHubCLIToolset and TextProcessingToolset that wrap system-level CLI tools like gh, grep, and ripgrep. These tools permit an agent to interact directly with the host operating system's filesystem and execute external commands.
  • [DATA_EXFILTRATION]: The GitHubCLIToolset includes a github_api_request tool that enables arbitrary GET requests to the GitHub API. Additionally, the observability system facilitates data transmission to external Langfuse endpoints via OTLP exporters. These features provide potential vectors for sensitive data exposure if the agent is compromised.
  • [PROMPT_INJECTION]: Because the framework is designed to process and act upon natural language, applications built on it are inherently susceptible to indirect prompt injection. The documentation promotes the use of Signatures and Typed Context Patterns to structure data, which serves as a mitigation strategy against opaque string injection. Ingestion points: untrusted data enters the context through input blocks in DSPy::Signature classes. Boundary markers: the framework uses structured data formats such as JSON Schema and BAML to delineate instructions from data. Capability inventory: the system possesses high-privilege capabilities, including Ruby code execution and host system CLI access. Sanitization: input and output validation are handled via Sorbet types and schema-based coercion to ensure data conforms to expected formats.
Audit Metadata
Risk Level: SAFE
Analyzed: May 4, 2026, 09:19 PM