cargo-ai
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions rely on shell commands using the
cargo-aiCLI to perform resource management tasks such as listing agents, creating releases, and managing files. - [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@cargo-ai/clinpm package, which is the official tool provided by the vendor for platform interaction. - [PROMPT_INJECTION]: The skill facilitates the ingestion of external data and the configuration of agent system prompts, which establishes an indirect prompt injection attack surface.
- Ingestion points: Local files are uploaded to the platform via
cargo-ai ai file uploadas documented in SKILL.md and references/examples/files.md. - Boundary markers: The instructions do not specify delimiters or boundary markers to isolate external content from system prompts during configuration.
- Capability inventory: The skill provides tools to update system prompts (
release update-draft), connect to MCP servers, and modify agent resources. - Sanitization: No content validation or sanitization processes are described for the data processed from files or templates before integration into agent releases.
Audit Metadata