rust
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill provides patterns for processing external file data and subprocess output while maintaining capabilities to write to the filesystem and execute arbitrary commands. This combination is a high-risk surface for indirect prompt injection.
  - Ingestion points: `std::fs::read_to_string` (references/file-io.md) and `child.wait_with_output()` (references/process-integration.md).
  - Boundary markers: Absent. No instructions are provided to help the agent distinguish between data and potential commands within the processed files or streams.
  - Capability inventory: Filesystem writes via `atomic_write` (references/file-io.md) and arbitrary command execution via `run_subprocess` (references/process-integration.md).
  - Sanitization: Absent. Technical validation (UTF-8, Serde) is covered, but there is no logic to prevent data from being interpreted as agent instructions.
- [COMMAND_EXECUTION] (HIGH): The skill provides patterns for executing system commands using the `Command` API. Because the guide suggests using these for processing external file formats and process integration, there is a significant risk that untrusted data could be used to construct and execute malicious commands.
- [EXTERNAL_DOWNLOADS] (LOW): The guide recommends installing tools like `cargo-fuzz` from the crates.io registry. These are standard tools but introduce a runtime dependency on external, third-party code.
Recommendations
- AI detected serious security threats