rails-expert
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides standard Ruby on Rails development workflows. It explicitly mandates security constraints like using Strong Parameters and preventing SQL injection through sanitization or parameterized queries.
- [COMMAND_EXECUTION]: The skill uses standard development commands such as
rails generate,rails db:migrate, andbundle exec rspec. These actions are necessary for the skill's primary purpose of application development and testing. - [INDIRECT_PROMPT_INJECTION]: The skill processes application requirements and existing code while having shell execution capabilities, creating a potential surface for indirect prompt injection. This is mitigated by the skill's strict enforcement of sanitization and validation patterns.
- Ingestion points: Application requirements, model definitions, and database schema in SKILL.md and references/active-record.md.
- Boundary markers: Absent.
- Capability inventory: Shell execution (
rails,bundle), file creation/modification (migrations, controllers), and network operations via Sidekiq and API development. - Sanitization: Instructions strictly require parameterized queries,
sanitize_sql, and Strong Parameters. - [DATA_EXFILTRATION]: No unauthorized network operations or exfiltration patterns were identified. API development guidance follows best practices including JWT authentication and rate limiting.
Audit Metadata