documentation
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHNO_CODE
Full Analysis
- [REMOTE_CODE_EXECUTION] (SAFE): The automated scan detected a piped execution pattern (
curl ... | sh) forsh.rustup.rs. This is the official and standard installation method for the Rust toolchain. In the context of this skill, it is included as static instructional text within aCONTRIBUTING.mdtemplate for users, not as a script to be executed by the agent itself. - [EXTERNAL_DOWNLOADS] (SAFE): Links to
crates.io,docs.rs, andimg.shields.ioare present in the README templates. These are standard, trustworthy domains within the Rust ecosystem used for package management, documentation hosting, and status badges. - [MALICIOUS_URL] (SAFE): The scanner flagged
client.doas a phishing URL. This is a false positive; the string is part of a Rust code exampleclient.do_something()and was incorrectly parsed as a top-level domain by the automated tool. - [NO_CODE] (SAFE): This skill consists entirely of markdown-based instructions and templates. It does not contain executable scripts, configuration files that trigger automation, or complex logic that could be used for malicious purposes.
Recommendations
- HIGH: Downloads and executes remote code from: https://sh.rustup.rs - DO NOT USE without thorough review
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata