rust-daily
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION] (LOW): The metadata description uses the 'CRITICAL:' prefix. This mimics override/bypass markers used in prompt injection to prioritize instructions or bypass constraints, although here it appears intended for emphasis.
- [COMMAND_EXECUTION] (MEDIUM): The skill execution logic attempts to read a file using a relative path ('../../agents/rust-daily-reporter.md'). This constitutes a directory traversal pattern, as it accesses files outside the skill's dedicated folder structure.
- [PROMPT_INJECTION] (MEDIUM): The skill possesses a significant Indirect Prompt Injection surface. It ingests content from external, attacker-controllable sources (Reddit r/rust, community blogs) and passes it directly to a general-purpose subagent. There are no defined boundary markers or sanitization steps mentioned to prevent malicious instructions within those news sources from influencing the agent's behavior.
Audit Metadata