rust-sota-arsenal
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Instructions provide numerous examples for installing third-party binaries using 'cargo install' and executing various CLI tools for profiling, benchmarking, and testing (SKILL.md, references/*.md).\n- [COMMAND_EXECUTION]: The skill documentation suggests running the 'samply' profiler with 'sudo' on macOS to accommodate system permissions required for dtrace (samply-profiling.md).\n- [COMMAND_EXECUTION]: References a release pipeline script 'rust-release-check.sh' and provides instructions for the agent to copy and execute it as a release gate (SKILL.md).\n- [EXTERNAL_DOWNLOADS]: Includes a 'curl' POST request to a private IP address ('172.25.236.1') described as a Firecrawl scraping service within a ZeroTier network (SKILL.md).\n- [PROMPT_INJECTION]: The skill creates a vulnerability surface for indirect prompt injection by instructing the agent to fetch and process external data from the 'crates.io' API and web search results to determine upgrade paths.\n
- Ingestion points: WebFetch calls to 'crates.io/api' and WebSearch results (SKILL.md).\n
- Boundary markers: None present in the instructions to delimit external content.\n
- Capability inventory: 'Bash' (command execution), 'Edit'/'Write' (file modification) tools are available (SKILL.md).\n
- Sanitization: No explicit sanitization or validation of the fetched JSON or Markdown data is described.
Audit Metadata