rails-upgrade-assistant
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE]: The skill uses railsMcpServer tools to read local project configuration files such as Gemfile, config/application.rb, and config/environments/production.rb. This data is used solely to generate localized upgrade reports and configuration diffs for the user. No network operations or non-whitelisted domains were detected that would indicate data exfiltration.
- [COMMAND_EXECUTION]: The skill generates bash scripts (e.g., detect_rails_XX_changes.sh) based on a provided template (detection-script-template.sh) and YAML patterns. These scripts are intended for the user to execute locally to find breaking changes in their code. The logic is derived from internal, static YAML pattern files bundled with the skill, and no arbitrary or remote command execution was found.
- [REMOTE_CODE_EXECUTION]: There are no patterns involving curl | bash or the download and execution of untrusted remote scripts. All software dependencies referenced (e.g., bundler-audit, propshaft, solid_cache) are standard Rails ecosystem gems from the official RubyGems registry.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted user data (the project's codebase) which could theoretically contain malicious instructions. However, the ingestion is limited to specific configuration files, and the output is restricted to report generation and local buffer updates, posing a minimal and expected risk for this type of developer tool.
- [CREDENTIALS_UNSAFE]: No hardcoded credentials, API keys, or secrets were found. The skill uses placeholders and instructs users on best practices for secret management (e.g., migrating from secrets.yml to Rails credentials).
Audit Metadata