cargo-cli-workspace
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @cargo-ai/cli package from the npm registry. This is the official CLI tool provided by the vendor for workspace management and is considered a safe vendor resource.
- [COMMAND_EXECUTION]: The skill instructs the agent to execute various cargo-ai subcommands (e.g., workspace user list, workspace token create) for workspace administration. These operations are the primary and intended purpose of the skill and do not involve arbitrary or malicious command execution.
- [DATA_EXFILTRATION]: While the skill manages sensitive resources like API tokens, it does not include any patterns for exfiltrating this data to unauthorized third parties. It explicitly instructs the user to store generated tokens in a secure secrets manager and notes that token values are only displayed once upon creation.
Audit Metadata