rust-code-navigator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Full Analysis
- SAFE (SAFE): No security risks or malicious patterns were identified in the skill instructions or metadata.
- Indirect Prompt Injection (LOW): The skill processes external content (local Rust source code) via the
ReadandLSPtools. While this theoretically allows for indirect prompt injection if an attacker-controlled file contains malicious instructions, the skill's capabilities are restricted to information retrieval (navigating definitions and references) rather than execution or exfiltration, mitigating the risk. - External Scans (INFO): The automated scanner alert regarding 'main.rs' is determined to be a false positive. 'main.rs' is a standard file name in the Rust ecosystem and is used here solely as a placeholder path in documentation and LSP call examples; no actual malicious URL is present in the skill.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata