rust-performance
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Categories: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is designed to ingest and optimize external Rust code, creating a significant injection surface.
  - Ingestion points: The agent reads user-provided Rust source files, Cargo.toml configurations, and benchmarking data.
  - Boundary markers: No specific boundary markers or 'ignore embedded instructions' warnings are provided for the data being processed.
  - Capability inventory: The skill utilizes commands like cargo test, cargo bench, cargo build, samply, heaptrack, and valgrind. It also has the capability to modify source code.
  - Sanitization: There is no evidence of sanitization for user-provided project files. If a user provides a project with a malicious build.rs or Cargo.toml, the agent's suggestion to run cargo bench or cargo build would trigger arbitrary code execution on the local machine.
- Command Execution (MEDIUM): The skill frequently suggests running system-level profiling and build tools (perf, samply, valgrind, cargo). While expected for a performance expert, these commands are powerful and execute with the user's local privileges.
- Remote Code Execution (LOW): While no direct remote downloads are initiated by the skill itself, the reliance on cargo (which fetches dependencies from crates.io) means that malicious dependencies in a user's project could be downloaded and executed during the 'Measure First' or 'Benchmark' phases.
- Metadata Analysis (SAFE): Metadata fields (name, description, license) are accurate and reflect the skill's actual behavior without deceptive instructions.
Recommendations
- AI detected serious security threats
Audit Metadata