Skills
skills/gierd-inc/dev-skills/rails-mailbox/Gen Agent Trust Hub

rails-mailbox

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection vulnerability surface.
  • Ingestion points: In references/examples.md, the skill processes untrusted external data from inbound emails via mail.decoded.
  • Boundary markers: No boundary markers or "ignore instructions" delimiters are used in the vulnerable example to separate untrusted data from processing logic.
  • Capability inventory: The skill performs database writes in references/examples.md using the create! method with untrusted data.
  • Sanitization: While SKILL.md explicitly instructs to always sanitize incoming content, the SupportMailbox implementation in references/examples.md violates this rule by directly saving mail.decoded to the database without sanitization.
Audit Metadata
Risk Level
SAFE
Analyzed
May 8, 2026, 04:50 PM
Security Audit — agent-trust-hub — rails-mailbox