rust-learner
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: PROMPT_INJECTION, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to ingest data from external sources including docs.rs, crates.io, and lib.rs (Ingestion points: SKILL.md lines 24-30). It lacks any boundary markers or instructions to ignore embedded commands (Boundary markers: Absent). The skill possesses dangerous capabilities including sub-task execution and file reading (Capability inventory: Task, Read, Glob tools), and there is no evidence of input validation (Sanitization: Absent). Untrusted content fetched from these sites therefore reaches the agent unfiltered and could steer its tool use.
- [File Access / Path Traversal] (HIGH): The skill explicitly commands the agent to use Read and Glob tools on relative paths starting with '../../agents/' (Evidence: SKILL.md lines 18 and 25-30). This is a clear attempt to break directory isolation and access or execute prompts from the parent environment, which may contain sensitive configuration.
- [Command Execution] (MEDIUM): The skill documentation prescribes a specific tool chain involving 'agent-browser' CLI commands. Providing agents with pre-formatted shell commands increases the risk that the agent attempts to gain shell access or executes unauthorized commands if the environment's security boundaries are misconfigured.
Recommendations
- AI detected serious security threats
Audit Metadata