code-quality
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill possesses a vulnerability surface because it processes untrusted local data (Rust source files) and has the capability to execute commands based on that environment.
  - Ingestion points: The skill uses find, rg (ripgrep), and cargo to read and analyze local Rust files.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded prompts in source files are present.
  - Capability inventory: Includes execution of cargo subcommands (fmt, clippy, audit, tarpaulin, doc) and shell utilities (find, rg, wc).
  - Sanitization: No sanitization of file content is mentioned before processing.
- [Command Execution] (SAFE): The skill utilizes standard development tools for its primary purpose. The use of cargo fmt, cargo clippy, and cargo audit is considered best practice in Rust development.
- [Dynamic Execution] (LOW): The command cargo tarpaulin is used for test coverage, which involves executing the compiled tests of the code being analyzed. This is standard behavior for the tool but technically involves running code found in the local environment.
- [Unverifiable Dependencies] (LOW): The skill references local scripts (e.g., ./scripts/code-quality.sh) that were not provided for analysis. It is assumed these scripts contain the logic described in the documentation.
Audit Metadata