salvo-data-extraction
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill provides instructional content and code examples for data extraction in the Salvo web framework and contains no executable scripts or malicious instructions.\n- [PROMPT_INJECTION]: The skill documents patterns for ingesting untrusted data from HTTP request components, representing a surface for indirect prompt injection. This risk is mitigated through the inclusion of validation best practices using the 'validator' library.\n
- Ingestion points: SKILL.md (manual parsing and Extractible derive macros for query, path, and body data).\n
- Boundary markers: Not applicable for code documentation.\n
- Capability inventory: No dangerous operations or subprocess executions identified.\n
- Sanitization: Explicitly demonstrates schema validation and custom validation logic using the 'validator' crate.\n- [SAFE]: All external references and libraries mentioned (salvo, validator, serde) are well-known, legitimate components of the Rust development ecosystem and match the salvo-rs vendor context.
Audit Metadata