by kak3a 840 days ago
Since it consumes user defined SQL directly, how secure is it from SQL injections?

I did some digging for you. I am not the best at Rails, but from my understanding it seems to throw the queries into ActiveRecord's QueryAttribute using bind parameters [1]. So I'd say it's safe enough from SQLi [2].

[1] https://github.com/ankane/blazer/blob/bd06aab33052783e84672b...

[2] https://blog.saeloun.com/2019/10/28/bind-parameters-in-activ...
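An added illustration of what bind parameters do and do not cover, written for this page and not taken from the thread or the Blazer project: it uses Python's built-in sqlite3 module to stand in for ActiveRecord binding, and emulates a read-only database user with SQLite's query_only pragma (a stand-in, not Blazer's own mechanism).

```python
import sqlite3

# Constructed sample data standing in for an application schema.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (email, role) VALUES (?, ?)",
                     [("alice@example.com", "admin"), ("bob@example.com", "member")])
    conn.commit()
    return conn

def run_interpolated(conn, role):
    # Unsafe: the value is spliced into the SQL text, so a crafted value
    # changes the query's structure (the classic injection).
    sql = f"SELECT email FROM users WHERE role = '{role}' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]

def run_bound(conn, role):
    # Bind parameter: the value travels separately from the SQL text and is
    # only ever compared as data, never parsed as SQL.
    sql = "SELECT email FROM users WHERE role = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (role,))]

def run_user_sql(conn, sql, params=()):
    # Blazer-style execution: the SQL text is author-written and only the
    # variables are bound. Binding says nothing about what the text itself does.
    return conn.execute(sql, params).fetchall()

def make_read_only(conn):
    # Stand-in for running the tool as a read-only database user
    # (hypothetical mitigation, shown with SQLite's query_only pragma).
    conn.execute("PRAGMA query_only = 1")
    return conn

def write_rejected(conn, sql):
    # True if the connection refuses a statement that would modify data.
    try:
        conn.execute(sql)
        return False
    except sqlite3.OperationalError:
        return True

if __name__ == "__main__":
    db = make_db()
    hostile = "member' OR '1'='1"
    print(run_interpolated(db, hostile))   # both rows: the value rewrote the query
    print(run_bound(db, hostile))          # []: the value stayed a plain string
    print(run_user_sql(db, "SELECT email FROM users WHERE role = ?", ("member",)))
    make_read_only(db)
    print(write_rejected(db, "DELETE FROM users"))  # True: author-written writes are blocked
```

The practical takeaway is that binding protects the variables, while what the author-written SQL text is allowed to do is decided by the database account the tool runs under.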