rationalize-deps

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): The skill's core workflow involves running cargo check and cargo test against a user-specified codebase. In the Rust ecosystem, these operations are not side-effect-free; they execute arbitrary code defined in build.rs scripts and procedural macros. This creates a high risk of RCE if the skill is applied to untrusted repositories.
  • [COMMAND_EXECUTION] (HIGH): The skill utilizes several system commands including cargo, git, and jq. It performs automated modifications to the local filesystem (Cargo.toml) and executes multiple build-related commands based on the contents of the files it analyzes.
  • [INDIRECT_PROMPT_INJECTION] (HIGH): (Evaluation of Category 8: Ingestion of Untrusted Data) The skill is highly vulnerable to malicious instructions or behaviors embedded in the data it processes.
      ◦ Ingestion points: The skill reads Cargo.toml files and project metadata from the local filesystem and external registries.
      ◦ Boundary markers: None. The agent does not distinguish between project configuration and potential instructions or malicious scripts embedded in the codebase.
      ◦ Capability inventory: Full subprocess execution for build tools (cargo) and file-writing capabilities on the host system.
      ◦ Sanitization: There is no evidence of sanitization or sandboxing to prevent the Rust build system from executing malicious code contained within the target project's build scripts or macros.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 12:24 AM