cargo-ecosystem
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The skill enables the agent to execute `cargo build`, `cargo run`, and `cargo test`. In the Rust ecosystem, these commands are capable of executing arbitrary code during the compilation phase via `build.rs` scripts or procedural macros, as well as during execution of the binary or test suite. This represents a significant Indirect Prompt Injection surface.
  - Ingestion points: External Rust project files including `Cargo.toml`, `build.rs`, and `.rs` source files.
  - Boundary markers: None present; there are no instructions to verify the source or integrity of projects before running these commands.
  - Capability inventory: Full system execution capability through `cargo` subprocesses.
  - Sanitization: No sanitization or sandboxing of project code is provided or suggested.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill documentation encourages installing third-party utilities (`cargo-watch`, `cargo-edit`, `cargo-nextest`, `cargo-audit`, `cargo-bloat`) via `cargo install`. These are fetched from Crates.io, which is an external and unverifiable source in this context, posing a risk of supply chain attacks or typosquatting.
- [COMMAND_EXECUTION] (HIGH): Provides direct shell commands for project management and execution that interact with the host filesystem and environment without safety constraints.
Recommendations
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata