rust-dependency-audit
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes several Rust auditing tools via the Bash tool to scan and modify project dependencies.
- Evidence: Invokes cargo audit, cargo deny, cargo vet, and cargo upgrade. The cargo audit fix command automatically modifies the Cargo.lock file.
- [EXTERNAL_DOWNLOADS]: Downloads and installs Rust packages globally from the Crates.io registry.
- Evidence: Uses cargo install for tools like cargo-audit and cargo-deny. While Crates.io is a well-known service, global binary installation is an external code ingestion point.
- [DATA_EXFILTRATION]: Initiates network connections to a private IP address, posing an SSRF risk.
- Evidence: SKILL.md contains a curl command targeting http://172.25.236.1:3002/v1/scrape. Interacting with internal network resources (172.16.0.0/12 range) can bypass security controls or expose internal tools.
- [PROMPT_INJECTION]: Presents an indirect prompt injection surface through the processing of untrusted crate metadata.
- Ingestion points: The skill retrieves dynamic content from crates.io using WebFetch and WebSearch tools.
- Boundary markers: Absent. No delimiters are used to separate untrusted crate data from the agent's instructions.
- Capability inventory: Includes the Bash tool with permissions to execute commands and modify the filesystem.
- Sanitization: No evidence of validation or sanitization of the external API responses before use.
Audit Metadata