skills/plurigrid/asi/cargo/Gen Agent Trust Hub

cargo

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM; COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The skill enables commands like cargo run, cargo test, and cargo bench. These commands directly execute compiled binaries on the host system, which could lead to malicious activity if the source code is compromised.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The inclusion of cargo install, cargo add, and cargo update allows the agent to fetch packages from the crates.io registry. This introduces a supply chain risk where unverified or malicious packages could be introduced into the environment.
  • [REMOTE_CODE_EXECUTION] (MEDIUM): Rust projects often utilize build.rs scripts that execute during the compilation phase of cargo build or cargo check. If an agent is tasked with building an untrusted project, these scripts can execute arbitrary code on the host machine before any binary is even run.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:34 PM