cairo-vulnerability-scanner

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill instructs the agent to install the 'caracal' Python package using 'pip install caracal'. Because the 'crytic' organization (Trail of Bits) is not included in the 'Trusted GitHub Organizations' list, this is classified as an unverifiable dependency.
  • [COMMAND_EXECUTION] (MEDIUM): The skill executes system commands including 'rg' (ripgrep) and 'caracal detect src/'. Running executable code from unverifiable packages is a security risk.
  • [PROMPT_INJECTION] (LOW): The skill has an Indirect Prompt Injection surface (Category 8).
      1. Ingestion points: The skill reads all '.cairo' files within the 'src/' directory.
      2. Boundary markers: None; there are no instructions to ignore natural language commands embedded in code comments.
      3. Capability inventory: Uses 'rg' and 'caracal' to process file contents and generate reports.
      4. Sanitization: None; input file content is not validated or escaped before being processed by the tools or the LLM.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 04:40 PM