Skills
skills/huiali/rust-skills/rust-middleware/Gen Agent Trust Hub

rust-middleware

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHDATA_EXFILTRATION
Full Analysis
  • CORS Misconfiguration (HIGH): The CorsBuilder::production() implementation is insecure. Despite being labeled for production use, it utilizes allowed_origin_fn to unconditionally return true, effectively allowing any origin. Combined with supports_credentials(), this allows malicious websites to make authenticated requests to the API and read responses, leading to sensitive data exposure.
  • Resource Exhaustion / DoS (MEDIUM): The RateLimiting middleware uses an unbounded in-memory Vec to track client IPs. Each unique IP results in a new entry in the vector with no maximum capacity check, allowing an attacker to exhaust server memory by rotating IP addresses.
  • Performance Bottleneck (LOW): The rate limiter acquires a global write lock (RwLock::write) on every incoming request to prune and update counters. This will cause significant thread contention and latency under high load, potentially leading to a self-inflicted Denial of Service.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 11:09 AM