Rust Core Specialist
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is susceptible to Indirect Prompt Injection due to its core functionality. * Ingestion points: Untrusted code enters via 'Refactor code' and 'Implement feature' triggers in SKILL.md. * Boundary markers: Absent; there are no delimiters defined to separate user data from system instructions. * Capability inventory: scripts/init_project.sh executes shell commands (cargo), and the agent has code-writing capabilities. * Sanitization: Absent; the skill does not validate or sanitize ingested code.
- EXTERNAL_DOWNLOADS (MEDIUM): The initialization script uses 'cargo add' to fetch unversioned dependencies from an external registry (crates.io) which is not in the trusted source list.
- COMMAND_EXECUTION (LOW): The skill performs shell-based project scaffolding, which is a powerful capability that could be abused if the agent is compromised via prompt injection.
Recommendations
- AI detected serious security threats
Audit Metadata