review-ruby-code

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes shell commands to interact with the local development environment, including git operations (e.g., git diff, git remote show) and file system navigation (e.g., ls, find, grep). These commands are used to identify changed files and understand the project's architectural patterns.
  • [REMOTE_CODE_EXECUTION]: The skill executes the local Ruby test suite using bundle exec rspec and the rubycritic gem. This execution is performed to extract coverage data from SimpleCov and quality metrics from RubyCritic. While this involves executing code, it is standard behavior for a code review tool and is limited to the repository context.
  • [SAFE]: The skill demonstrates an indirect prompt injection surface because it ingests and processes untrusted source code. However, it lacks any malicious characteristics and is designed for a legitimate development workflow.
  • Ingestion points: Reads Ruby files (.rb) and coverage reports (coverage/.resultset.json) within the repository.
  • Boundary markers: Absent; the instructions do not explicitly warn the agent to ignore potential instructions embedded in code comments or data.
  • Capability inventory: Execution of shell commands (git, grep, rspec) and file writing (generating REVIEW.md).
  • Sanitization: Absent; the content of the source files is analyzed directly without filtering.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 02:03 PM
Security Audit — agent-trust-hub — review-ruby-code