Skills
skills/chasebuild/agent-skills/rust-skill-creator/Gen Agent Trust Hub

rust-skill-creator

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches content from external sources including docs.rs and doc.rust-lang.org. These are recognized as well-known technology documentation services and the references are documented neutrally.
  • [COMMAND_EXECUTION]: Uses shell commands such as 'mkdir', 'ls', and 'cat' to manage the skill directory structure in the user's home directory. It also utilizes the 'agent-browser' CLI tool for automated web navigation and data extraction.
  • [PROMPT_INJECTION]: Indirect Prompt Injection Risk.
  • Ingestion points: Fetches documentation text from docs.rs, doc.rust-lang.org, and potentially any user-provided URL using 'agent-browser' and 'WebFetch'.
  • Boundary markers: The skill template uses structural markdown but lacks explicit instructions to ignore or sanitize embedded commands within the fetched documentation text.
  • Capability inventory: Includes file system writing ('mkdir', redirection to files) and network operations ('agent-browser', 'WebFetch').
  • Sanitization: There is no evidence of sanitization or filtering of the fetched text before it is used to generate a new 'SKILL.md' file.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 27, 2026, 11:44 AM