domain-embedded
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill contains a shell escape command
!cat .cargo/config.tomlintended to inject local file content into the agent's context. This pattern represents arbitrary command execution on the host machine. - [DATA_EXFILTRATION] (MEDIUM): The skill targets
.cargo/config.toml, which may contain sensitive data such as private registry credentials, auth tokens, or environment-specific paths. Accessing these files without explicit user consent constitutes a data exposure risk. - [INDIRECT_PROMPT_INJECTION] (MEDIUM): This skill creates an injection surface by reading external file content into the prompt.
- Ingestion points:
.cargo/config.toml(viacatin SKILL.md). - Boundary markers: Absent; the content is injected directly without delimiters.
- Capability inventory: As an embedded development skill, the associated agent likely has high privileges including file system access and the ability to execute build commands (cargo).
- Sanitization: Absent; the output of the shell command is piped directly into the context, allowing a malicious project file to influence agent behavior.
Recommendations
- AI detected serious security threats
Audit Metadata