The Agent Skills Directory

[COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute cargo metadata and cargo tree. These are standard, official Rust toolchain commands used for their intended purpose of project analysis. The script uses variables ${DEPTH} and ${FEATURES} which are interpolated directly into shell commands, potentially allowing for command injection if inputs are not properly sanitized by the agent.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to the way it handles project data.
Ingestion points: The skill reads Cargo.toml and processes the output of the cargo tree command.
Boundary markers: No explicit delimiters are used to wrap the data ingested from the project files to prevent instructions within those files from being followed.
Capability inventory: The skill has access to the Bash tool, allowing it to execute arbitrary commands.
Sanitization: The input parameters ${DEPTH} and ${FEATURES} are used directly in bash commands without explicit validation or escaping in the instructions.

rust-deps-visualizer