rails-upgrade
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs Rails application analysis using standard tools like grep, glob, and read. It does not generate or execute arbitrary shell scripts from untrusted sources.
- [SAFE]: External network communication is restricted to well-known and relevant services: rubygems.org (for Rails version metadata) and railsbump.org (for gem compatibility reports). These operations are essential for the skill's primary function and target reputable platforms associated with the skill's authoring organization (OmbuLabs).
- [SAFE]: Data handling is appropriate for the task. The skill reads project manifest files (Gemfile, Gemfile.lock) and configuration files to provide upgrade guidance. The transmission of Gemfile.lock to the RailsBump API is a documented part of the upgrade workflow and does not involve sensitive credentials.
- [SAFE]: The skill promotes secure development practices by including mandatory steps for running test suites before making changes and verifying CI configurations for drift.
Audit Metadata