Skills
skills/tumf/skills/rust-cli/Gen Agent Trust Hub

rust-cli

Fail

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The Makefile template in references/templates.md contains a command that downloads a shell script from a remote URL and pipes it directly to the system shell for execution. This 'curl | sh' pattern is a significant security risk as it executes unverified code with the privileges of the user.
  • Evidence: curl -LsSf https://github.com/j178/prek/releases/latest/download/prek-installer.sh | sh; in references/templates.md.
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions and automation to download the prek tool from an external GitHub repository (j178/prek) that is not identified as a trusted organization or well-known service.
  • Evidence: Reference to https://github.com/j178/prek in the pre-commit-hooks target of the Makefile.
  • [COMMAND_EXECUTION]: The skill includes various templates and instructions for executing shell commands, including environment setup and tool installation using cargo install and custom shell scripts.
  • Evidence: Multiple targets in the Makefile template and instructions in SKILL.md such as cargo install cargo-release.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Apr 13, 2026, 10:43 AM