rust-engineer
Pass
Audited by Gen Agent Trust Hub on Feb 12, 2026
Risk Level: LOW, NO_CODE
Full Analysis
The skill 'rust-engineer' consists of a main markdown file (SKILL.md) and several localized description files (description_xx.txt). A thorough review of all files was conducted, focusing on the 9 threat categories outlined in the analysis protocol.
- Prompt Injection: No patterns indicative of prompt injection (e.g., 'IMPORTANT: Ignore', 'CRITICAL: Override', role-play instructions, or attempts to bypass safety guidelines) were found in any of the files. The use of 'IMPORTANT' in the decision framework is for emphasis within the content, not an instruction to the AI.
- Data Exfiltration: No commands or instructions for accessing sensitive file paths (e.g., ~/.aws/credentials, ~/.ssh/id_rsa) or performing network operations to external domains were detected. The skill does not contain any executable code.
- Obfuscation: No obfuscation techniques such as Base64 encoding, zero-width characters, Unicode homoglyphs, URL encoding, hex escapes, or HTML entities were found in any of the files.
- Unverifiable Dependencies: The skill does not instruct the installation of any external packages (e.g., npm install, pip install) or the cloning of external repositories. It references local markdown files (REFERENCE.md, EXAMPLES.md), which are assumed to be part of the skill package.
- Privilege Escalation: No commands like 'sudo', 'chmod', or instructions for installing services were found.
- Persistence Mechanisms: There are no instructions to modify system configuration files (e.g., .bashrc, crontab, LaunchAgents) to establish persistence.
- Metadata Poisoning: The skill's name and description fields, as well as the content of the localized description files, are benign and accurately reflect the skill's purpose. No malicious instructions were hidden in metadata.
- Indirect Prompt Injection: This skill is purely informational and does not process external user-provided data in a way that would lead to indirect prompt injection within its execution context.
- Time-Delayed / Conditional Attacks: No conditional logic based on dates, usage counts, or environment variables that could trigger malicious behavior was found.
In conclusion, the 'rust-engineer' skill is a documentation-based skill that provides information and guidance. It does not contain any active components or malicious instructions, making it safe for use.
Audit Metadata