privacy-assessment-rails
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses dynamic context injection (the !command syntax) in SKILL.md to perform a load-time check for the existence of the privacy-by-design-rails dependency directory.
- [COMMAND_EXECUTION]: The skill executes a local Ruby script (scanner.rb) and uses shell tools such as grep and glob to perform the codebase analysis.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it ingests untrusted data from the user's codebase during analysis.
- Ingestion points: Reads application source code files (models, mailers, jobs, controllers) and parses the output of the scanner script.
- Boundary markers: No specific delimiters or ignore instructions are used to wrap the analyzed codebase content.
- Capability inventory: The skill uses Bash, Read, Glob, Grep, and Write tools to analyze code and generate report files.
- Sanitization: Codebase content is analyzed directly without explicit sanitization or filtering of potential embedded instructions.
Audit Metadata