Skills
skills/actionbook/rust-skills/rust-code-navigator/Gen Agent Trust Hub

rust-code-navigator

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICALPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) as it processes untrusted data from the local codebase.
  • Ingestion points: The workflow involves reading local Rust files (e.g., src/main.rs, src/config.rs) and LSP symbols to display code context to the user.
  • Boundary markers: Absent. There are no delimiters or 'ignore' instructions used when interpolating file content into the agent's context.
  • Capability inventory: The skill utilizes LSP, Read, and Glob, which grant the agent permissions to access and read the entire workspace directory.
  • Sanitization: Absent. The skill passes code comments and documentation directly to the LLM, which could contain malicious instructions.
  • EXTERNAL_DOWNLOADS (LOW): The skill recommends external software installation through trusted channels.
  • Evidence: The 'Error Handling' section suggests the command rustup component add rust-analyzer. Although rustup is a trusted source, the action involves downloading and installing external binaries, which warrants a LOW severity under the [TRUST-SCOPE-RULE].
Recommendations
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 17, 2026, 06:01 PM