Skills
skills/obie/skills/rails-activity-timeline/Gen Agent Trust Hub

rails-activity-timeline

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection within the AI summarization feature described in references/ai-summaries.md.
  • Ingestion points: The ActivitySummaryGenerator#user_prompt method interpolates untrusted data from event.from_field_value and event.to_field_value directly into the prompt. This data originates from tracked database fields (e.g., project descriptions or comments).
  • Boundary markers: The prompt template lacks robust delimiters or explicit instructions to the LLM to ignore or treat the interpolated content strictly as data, using only simple "Previous value:" and "New value:" headers.
  • Capability inventory: The generated summary is saved to the database (details["summary"]) and subsequently rendered in the application's UI via the display_detail method, which could allow an attacker to inject deceptive or malicious text into the activity feed.
  • Sanitization: While the content is truncated to 1000 characters, no validation or sanitization is performed to detect or neutralize potential prompt injection instructions embedded in the field values.
  • [EXTERNAL_DOWNLOADS]: The skill involves external dependencies and network operations.
  • Ruby Gems: It requires the raix-rails gem to interface with AI models.
  • Network Services: It communicates with the OpenRouter API (openrouter.ai) to perform chat completions. OpenRouter is a well-known service for accessing various LLM providers.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 15, 2026, 12:53 PM