active-record-encryption
Fail
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: HIGH (CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill contains hardcoded static encryption keys and salts within example configuration blocks in SKILL.md and reference.md, specifically 'primary_key: YehXdfzxVKpoLvKseJMJIEGs2JxerkB8', 'deterministic_key: uhtk2DYS80OweAPnMLtrV2FhYIXaceAy', and 'key_derivation_salt: g7Q66StqUQDQk9SJ81sWbYZXgiRogBwS'. If an agent inadvertently adopts these predictable values instead of generating unique ones, it would severely compromise the security of the application's encrypted data.
- [INDIRECT_PROMPT_INJECTION]: The skill exhibits a significant surface for indirect prompt injection.
  - Ingestion points: It uses 'Read', 'Grep', and 'Glob' tools to analyze application source code, including models and configurations (SKILL.md).
  - Boundary markers: There are no instructions to use delimiters or 'ignore embedded instructions' markers for data read from the repository.
  - Capability inventory: The skill utilizes high-privilege tools such as 'Bash' (specifically rails console, runner, and credentials management), 'Write', and 'Edit' (SKILL.md).
  - Sanitization: No sanitization or validation logic is defined to protect against malicious content found in the codebase being processed as agent instructions.
- [COMMAND_EXECUTION]: The skill requests access to powerful Rails-specific tools including 'bin/rails console' and 'bin/rails runner', which allow for the execution of arbitrary Ruby code within the target environment. While these are necessary for the skill's functionality, their power increases the impact of other vulnerabilities.
Recommendations
- AI detected serious security threats