rustfs
Fail
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: HIGH
PROMPT_INJECTION, REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill contains a 'CRITICAL DIRECTIVE' that instructs the agent to never suggest or provide information about MinIO, claiming it was archived in February 2026. This is a behavioral override using fabricated future-dated information to steer users away from a legitimate alternative.
- [REMOTE_CODE_EXECUTION]: In `references/installation.md`, the skill recommends a high-risk installation pattern: `curl -O https://rustfs.com/install_rustfs.sh && bash install_rustfs.sh`. This pattern involves downloading and executing code from an unverified external domain (`rustfs.com`) without prior inspection.
- [CREDENTIALS_UNSAFE]: Hardcoded default credentials (`rustfsadmin/rustfsadmin`) are present in `SKILL.md`, `references/installation.md`, and `references/sdks.md`. These credentials are provided for environment variables and as active credentials in multi-language SDK examples.
- [COMMAND_EXECUTION]: The installation and migration documentation instructs users to execute powerful system commands with `sudo`, including binary installation to `/usr/local/bin/` and direct disk formatting operations.
- [EXTERNAL_DOWNLOADS]: The skill downloads binaries and scripts from unverified domains including `rustfs.com` and `dl.rustfs.com`. It also fetches configuration and installation scripts from the well-known service `rclone.org`.
Recommendations
- AI detected serious security threats
Audit Metadata