rust-call-graph
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [SAFE] (SAFE): No malicious patterns detected. The skill uses standard LSP operations (prepareCallHierarchy, incomingCalls, outgoingCalls) to gather data. All tools (LSP, Read, Glob) are used according to their intended analysis purposes without privilege escalation or exfiltration.
- [Indirect Prompt Injection] (LOW): The skill processes external source code which constitutes an ingestion surface. However, its capabilities are restricted to read-only visualization, meaning malicious code cannot trigger side effects. 1. Ingestion points: workspace files via LSP and Read tools. 2. Boundary markers: absent. 3. Capability inventory: LSP, Read, and Glob tools (read-only). 4. Sanitization: absent.
Audit Metadata