cargo-lock-manager
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill uses standard Rust
cargoandgitcommands to manage dependencies. These actions are transparent and aligned with the skill's description. - [DATA_EXFILTRATION] (SAFE): No evidence of sensitive data access or exfiltration to external domains was found.
- [EXTERNAL_DOWNLOADS] (SAFE): While
cargo updateconnects to crates.io, this is a trusted registry and standard behavior for the tool. - [Indirect Prompt Injection] (LOW):
- Ingestion points: The scripts read path arguments and process
Cargo.tomlfiles. - Boundary markers: None explicitly defined in script outputs.
- Capability inventory:
cargooperations andgitcommands. - Sanitization: Basic shell quoting is applied to file paths.
Audit Metadata