
review-crate

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute cargo test on a user-provided crate path. This action executes code from the target crate, including any custom logic in build.rs or the test suite, which could perform arbitrary actions on the local system.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted file content from the crate being audited.
      • Ingestion points: The skill explicitly instructs the agent to read every file in the crate directory (SKILL.md, Step 1).
      • Boundary markers: No specific delimiters or "ignore embedded instructions" warnings are defined for the content being read.
      • Capability inventory: The agent has access to high-impact tools including Bash (shell execution), Write (file modification), and Read (data access).
      • Sanitization: There is no requirement or evidence of sanitization or validation of the crate content before it is processed by the agent's logic.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Apr 1, 2026, 04:41 AM