rig-migrate
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
grepto scan localCargo.tomlfiles to automatically detect the version ofrig-corebeing used in the project. This is a standard and expected operation for a migration assistant. - [EXTERNAL_DOWNLOADS]: It utilizes the
cargo searchcommand to check for the latest versions of packages on crates.io. Because this targets a well-known, official package registry, it is classified as a safe operation. - [PROMPT_INJECTION]: The skill's instructions were analyzed for safety bypasses or instructions to ignore guardrails; no such malicious patterns were found.
- [DATA_EXFILTRATION]: No sensitive environment variables, credentials, or private keys are accessed or transmitted to external endpoints.
Audit Metadata