rust-router

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOW
PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill is designed to process untrusted external data (Rust source code and error messages), creating a surface for potential indirect prompt injection.
      • Ingestion points: Ingests data through user queries and files matching the '/Cargo.toml' and '/*.rs' globs.
      • Boundary markers: The routing instructions do not specify the use of delimiters or 'ignore' instructions for the processed code blocks.
      • Capability inventory: The skill primarily possesses internal influence, routing queries to other specialized skills (e.g., 'm01-ownership', 'unsafe-checker'). It lacks direct side-effect capabilities like file writing or network access in this specific file.
      • Sanitization: No sanitization or validation logic is present for the ingested code or error codes.
  • Prompt Injection (INFO): The skill metadata uses high-urgency directives ('CRITICAL: Use for ALL Rust questions', 'HIGHEST PRIORITY') to override the agent's default routing behavior. While technically an instruction override, it is a functional requirement for a dispatcher skill and shows no evidence of malicious intent or safety filter bypasses.
Audit Metadata
Risk Level: LOW
Analyzed: Feb 16, 2026, 04:30 AM