Skills
skills/fjrevoredo/mini-diarium/rust-skill-creator/Gen Agent Trust Hub

rust-skill-creator

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill directs the agent to use shell utilities such as mkdir, ls, and cat to create and manage a directory structure for generated skills at ~/.claude/skills/. It also involves writing new SKILL.md and reference files based on templates.
  • [EXTERNAL_DOWNLOADS]: Content is fetched from well-known and trusted Rust community domains, specifically docs.rs and doc.rust-lang.org. These sources are standard for the intended technical documentation purpose.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it processes untrusted documentation content which is then used to generate instructions for the agent's future behavior.
  • Ingestion points: Documentation content is fetched from external URLs via agent-browser or WebFetch as described in SKILL.md.
  • Boundary markers: Absent; the fetched content is interpolated directly into skill templates without delimiters or "ignore" instructions.
  • Capability inventory: The skill has the capability to write files and create directories on the local filesystem (~/.claude/skills/).
  • Sanitization: No sanitization, escaping, or validation of the retrieved documentation content is performed before it is written into new instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
May 8, 2026, 04:17 PM