rtk-tdd
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill requires the agent to run cargo test, cargo clippy, and cargo fmt. These commands execute code within the project's context, allowing for arbitrary code execution on the host machine.
- [PROMPT_INJECTION] (HIGH) (Category 8 - Indirect Prompt Injection): The agent is vulnerable to malicious instructions embedded in the code it processes. Evidence:
  1. Ingestion points: Rust source files and command outputs from tools like git, docker, and kubectl.
  2. Boundary markers: Absent.
  3. Capability inventory: Code execution via cargo commands.
  4. Sanitization: Absent.
- [REMOTE_CODE_EXECUTION] (HIGH): The ability to execute tests and build code derived from untrusted project files provides an attack vector for code execution if the repository being worked on is malicious.
- [DATA_EXPOSURE] (LOW): The patterns include checking environment variables and system paths (e.g., /etc/passwd). While intended for defensive testing, the skill's logic confirms the agent can access and process sensitive strings from the environment.
Recommendations
- AI detected serious security threats
Audit Metadata