dspy-ruby
Warn
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides integrated toolsets that execute shell commands on the host system. The GitHubCLIToolset wraps the GitHub CLI (gh) for repository operations, and the TextProcessingToolset utilizes Unix utilities such as grep and ripgrep (rg) for text manipulation.
- [REMOTE_CODE_EXECUTION]: The framework supports the CodeAct module (referenced in SKILL.md and references/core-concepts.md), which allows the AI agent to dynamically generate and execute Ruby code at runtime to solve tasks. This capability can be exploited if the agent incorporates untrusted external input into the generated code.
- [PROMPT_INJECTION]: The skill is designed to ingest and process untrusted external data, creating a surface for indirect prompt injection where malicious instructions hidden in the data could trigger unauthorized actions using the agent's code and command execution capabilities.
- Ingestion points: Data enters the context through signatures such as EmailClassifier in SKILL.md (processing email_content) and DocumentProcessor in references/core-concepts.md (processing document content).
- Boundary markers: The skill utilizes structured outputs and JSON Schema to help the LLM distinguish between instructions and data, as described in references/core-concepts.md.
- Capability inventory: The skill possesses extensive capabilities including Ruby code execution via CodeAct and shell command execution via GitHubCLIToolset and TextProcessingToolset.
- Sanitization: No specific sanitization or validation logic for the content of external data is present in the provided templates or documentation.
Audit Metadata