rust-symbol-analyzer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes untrusted content from local Rust files to extract symbols and structure. Ingestion points: File discovery via Glob and metadata extraction via LSP. Boundary markers: Absent. Capability inventory: LSP, Read, Glob. Sanitization: Absent. Malicious instructions embedded in code comments or strings could potentially influence the agent's summary or reasoning.
- Information (INFO): A third-party scanner flagged main.rs as a malicious URL. This is identified as a false positive where the Rust source file name was misinterpreted as a domain using the Serbian (.rs) top-level domain. The skill correctly references this as a local file path.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata