cargo-machete
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill leverages the Bash tool to perform environment checks using find and grep, and executes cargo commands to audit, build, and test the Rust project.
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download and install the cargo-machete binary from crates.io, the official Rust package registry, and references established GitHub Actions for CI workflows.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks as it processes output from external audit tools and project files which could be manipulated by an attacker.
- Ingestion points: Processes the stdout from cargo machete and reads the content of Cargo.toml.
- Boundary markers: None; there are no delimiters or specific instructions for the agent to disregard potential commands found within tool outputs or configuration files.
- Capability inventory: The skill can execute shell commands, perform filesystem modifications via auto-fix flags, and install software packages.
- Sanitization: No validation or escaping is performed on the data ingested from the external tool or the project files.
Audit Metadata