rust-ecosystem
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [Prompt Injection] (SAFE): No instructions designed to override agent behavior or bypass safety constraints were identified. The content is strictly informational.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded secrets or access to sensitive local file paths (like SSH keys or environment files) were found. Network examples use standard placeholders.
- [Obfuscation] (SAFE): The file contains clear, readable text and code. There are no signs of Base64 encoding, zero-width characters, or homoglyph attacks.
- [Unverifiable Dependencies] (SAFE): All recommended Rust crates (e.g., tokio, axum, serde, sqlx) are high-reputation, community-standard packages. The skill encourages using 'cargo audit' to check for vulnerabilities.
- [Indirect Prompt Injection] (LOW): The skill targets 'Cargo.toml' files for context, which is an external data source. However, it functions as a reference guide rather than an automated execution tool, posing minimal risk.
- [Command Execution] (INFO): Provides legitimate security commands ('cargo audit', 'cargo deny') as educational examples for the user to verify their own code.
Audit Metadata