testing
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill's primary function is to analyze and test external codebases, which gives attacker-controlled text a large ingestion surface for malicious instructions.
  1. Ingestion points: the skill reads files in the src/, tests/, and benches/ directories, so anything in those files (source, comments, doc strings, test names) reaches the model as context.
  2. Boundary markers: absent; nothing instructs the model to treat the contents of the analyzed files as data and to ignore instructions embedded in them.
  3. Capability inventory: the skill is required to ensure "All tests pass" and "Benchmarks show no regressions", which in practice means it runs cargo test and cargo bench on the code it was given.
  4. Sanitization: absent; the skill includes no step to inspect, vet, or sandbox the code before executing it.
- [Command Execution] (HIGH): Meeting the "tests pass" and "no benchmark regressions" requirements necessarily means running the Rust toolchain on untrusted code. In the Rust ecosystem a malicious project can obtain arbitrary code execution on the machine running the tests through a build script (build.rs or a `build = "..."` key in Cargo.toml), a procedural-macro crate, or a custom test harness (a target with `harness = false`, whose own main() replaces libtest). Build scripts and procedural macros run at compile time, so even `cargo test --no-run`, which compiles the test binaries without executing them, already executes attacker-supplied code.
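As an added example (not part of this audit or of the audited skill), the following POSIX shell script performs the pre-flight check the Command Execution finding calls for: it scans a Cargo project tree for the three execution surfaces named above before any cargo command is run. The function names, the constructed sample project written by `make_sample_project`, and the assumption that paths contain no whitespace are all the example's own; only find, grep and mktemp are required, and cargo is never invoked.

```shell
#!/bin/sh
# Added example, not from the audited skill: scan an untrusted Cargo project for
# build scripts, proc-macro crates and custom test harnesses before running
# `cargo test` / `cargo bench`. Assumes POSIX sh, find, grep, mktemp and paths
# without whitespace. Exit status 1 means "do not run the toolchain on this
# tree outside a disposable sandbox".

# scan_rust_project DIR: print every surface found; return 1 if any was found.
scan_rust_project() {
    dir="$1"
    hits=0
    # 1. Build scripts. Cargo compiles and runs build.rs on the host at compile
    #    time, before a single test executes (also under `cargo test --no-run`).
    for f in $(find "$dir" ! -path '*/target/*' -name build.rs); do
        echo "build script: $f"; hits=$((hits + 1))
    done
    for f in $(find "$dir" ! -path '*/target/*' -name Cargo.toml); do
        # A package may also point at a script with an explicit `build = "..."` key.
        if grep -Eq '^[[:space:]]*build[[:space:]]*=' "$f"; then
            echo "build script declared in: $f"; hits=$((hits + 1))
        fi
        # 2. Procedural-macro crates are loaded into rustc and run on the host
        #    during compilation of every crate that uses them.
        if grep -Eq '^[[:space:]]*proc-macro[[:space:]]*=[[:space:]]*true' "$f"; then
            echo "proc-macro crate: $f"; hits=$((hits + 1))
        fi
        # 3. `harness = false` replaces libtest with the target's own main(),
        #    so `cargo test`/`cargo bench` runs arbitrary code for that target.
        if grep -Eq '^[[:space:]]*harness[[:space:]]*=[[:space:]]*false' "$f"; then
            echo "custom test harness in: $f"; hits=$((hits + 1))
        fi
    done
    echo "surfaces found: $hits"
    [ "$hits" -eq 0 ]
}

# make_sample_project: write a constructed project that carries all three
# surfaces (hypothetical sample input, not a real crate) and print its path.
make_sample_project() {
    d=$(mktemp -d)
    mkdir -p "$d/src" "$d/tests"
    cat > "$d/Cargo.toml" <<'EOF'
[package]
name = "sample"
version = "0.1.0"
edition = "2021"
build = "build.rs"

[lib]
proc-macro = true

[[test]]
name = "integration"
harness = false
EOF
    # Constructed build script: this runs on the host at compile time. Here it
    # only invokes `id`, but it could run anything.
    cat > "$d/build.rs" <<'EOF'
fn main() {
    std::process::Command::new("id").status().ok();
}
EOF
    echo 'pub fn nothing() {}' > "$d/src/lib.rs"
    echo 'fn main() {}' > "$d/tests/integration.rs"
    echo "$d"
}

# Usage: scan_rust_project /path/to/untrusted/checkout || echo "sandbox it"
```

The scan is a gate, not a sanitizer: a project with no hits can still run code through ordinary test functions, so the real mitigation for a skill like this is to execute cargo inside a throwaway container or VM that holds no credentials, with network access restricted, and to treat a non-zero scan result as a reason to refuse the run entirely.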
Recommendations
- The automated analysis detected serious security threats. Do not install or run this skill against code you do not trust; its test and benchmark steps execute that code on the host, and the skill provides no sandboxing of its own.
Audit Metadata