cargo-rust
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill explicitly documents and enables the use of cargo build, cargo run, and cargo test. These commands spawn subprocesses that compile and then execute binaries (including test binaries) on the host system.
- [REMOTE_CODE_EXECUTION] (HIGH): The inclusion of cargo add facilitates the download of third-party dependencies from crates.io. A malicious crate can execute arbitrary code on the host during cargo build, through a build.rs script or a procedural macro, before anything is run, and again at runtime via cargo run or cargo test.
- [INDIRECT_PROMPT_INJECTION] (HIGH):
  - Ingestion points: The skill is designed to process external Rust projects, Cargo.toml files, and source code provided by users or fetched from repositories.
  - Boundary markers: None provided; the agent has no instructions for distinguishing trusted from untrusted code contexts before execution.
  - Capability inventory: Includes the ability to compile, test, and execute arbitrary code through the Cargo ecosystem.
  - Sanitization: There are no documented steps for sandboxing the build environment or verifying crate integrity beyond standard Cargo resolution (the lock-file checksums Cargo checks on download, which do not cover git sources and say nothing about what a build script does).
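The last two points (no trusted/untrusted boundary, no integrity check beyond standard resolution) are where a reviewer can put a concrete gate in front of the agent's cargo invocations. The following is an added example, not code from the skill or from Gen Agent Trust Hub: with the standard library only, it parses a Cargo.lock, flags crates.io packages that carry no checksum and every package from a git or alternate-registry source, and lists the crates in a cargo vendor output directory that ship a build.rs, i.e. the crates whose build step runs code on the host. The sample lock file, its zeroed checksum and the example.invalid git URL are constructed for the example; the function and type names are the example's own.

```rust
// Added example, not part of the audited skill: check a Cargo.lock and a vendored
// dependency tree before an agent is allowed to run `cargo build` on them.
use std::path::{Path, PathBuf};
use std::{fs, io};

/// The only source treated as a checksum-verified registry.
const CRATES_IO: &str = "registry+https://github.com/rust-lang/crates.io-index";

/// Constructed sample lock file (checksum and git URL are made up): a workspace
/// crate, a git dependency, a checksummed registry crate, one missing its checksum.
pub const SAMPLE_LOCK: &str = r#"
[[package]]
name = "my-app"
version = "0.1.0"
[[package]]
name = "helper"
version = "0.1.0"
source = "git+https://example.invalid/helper.git#0123456789abcdef0123456789abcdef01234567"
[[package]]
name = "libc"
version = "0.2.155"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0000000000000000000000000000000000000000000000000000000000000000"
[[package]]
name = "unverified"
version = "1.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
"#;

#[derive(Debug, Default, Clone, PartialEq)]
pub struct LockedPackage {
    pub name: String,
    pub version: String,
    pub source: Option<String>,   // absent for workspace/path crates
    pub checksum: Option<String>, // present only for registry crates
}

/// Line-based parser for the `[[package]]` tables Cargo writes (one `key = "value"` per line).
pub fn parse_cargo_lock(text: &str) -> Vec<LockedPackage> {
    let mut pkgs = Vec::new();
    let mut cur: Option<LockedPackage> = None;
    for line in text.lines().map(str::trim) {
        if line.starts_with('[') {
            // Any table header ends the current package; [[package]] starts a new one.
            pkgs.extend(cur.take());
            if line == "[[package]]" {
                cur = Some(LockedPackage::default());
            }
        } else if let (Some(p), Some((k, v))) = (cur.as_mut(), line.split_once('=')) {
            let v = v.trim().trim_matches('"').to_string();
            match k.trim() {
                "name" => p.name = v,
                "version" => p.version = v,
                "source" => p.source = Some(v),
                "checksum" => p.checksum = Some(v),
                _ => {} // `dependencies = [` and anything else
            }
        }
    }
    pkgs.extend(cur.take());
    pkgs
}

#[derive(Debug, PartialEq)]
pub enum Finding {
    MissingChecksum(String),           // crates.io crate Cargo cannot verify on download
    NonRegistrySource(String, String), // (name, source): git/alternate registry, no checksum
}

/// Flag what standard Cargo resolution accepts silently.
pub fn audit_lock(pkgs: &[LockedPackage]) -> Vec<Finding> {
    let mut out = Vec::new();
    for p in pkgs {
        let src = match p.source.as_deref() { Some(s) => s, None => continue }; // workspace crate
        if src != CRATES_IO {
            out.push(Finding::NonRegistrySource(p.name.clone(), src.to_string()));
        } else if p.checksum.is_none() {
            out.push(Finding::MissingChecksum(p.name.clone()));
        }
    }
    out
}

/// List `<root>/<crate>/build.rs` under a `cargo vendor` output dir: these crates run code
/// at build time. Caveat: a `build = "..."` key in Cargo.toml can name another file.
pub fn build_scripts_in(root: &Path) -> io::Result<Vec<PathBuf>> {
    let mut found: Vec<PathBuf> = fs::read_dir(root)?
        .filter_map(Result::ok)
        .map(|e| e.path().join("build.rs"))
        .filter(|p| p.is_file())
        .collect();
    found.sort();
    Ok(found)
}

fn main() {
    for f in audit_lock(&parse_cargo_lock(SAMPLE_LOCK)) {
        println!("{:?}", f);
    }
}
```

Run this over a project's real Cargo.lock and its cargo vendor directory before the agent builds: a non-empty finding list, or any listed build.rs, is the point at which a human reviews the dependency or the build is moved into a sandbox instead of the agent's host. It does not replace Cargo's own checksum verification or a policy tool such as cargo-vet or cargo-deny; it makes the gap those tools address visible in the lock file itself.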
Recommendations
- AI detected serious security threats
Audit Metadata