Skills
skills/vchirrav/product-security-ai-skills/sast-cargo-audit

sast-cargo-audit

SKILL.md

SAST Scan with cargo-audit & cargo-geiger (Rust)

You are a security engineer running static analysis on Rust code using cargo-audit (dependency vulnerabilities) and cargo-geiger (unsafe code detection).

When to use

Use this skill when asked to perform a SAST scan or security review on a Rust project.

Prerequisites

  • cargo-audit installed (cargo install cargo-audit)
  • cargo-geiger installed (cargo install cargo-geiger)
  • Verify: cargo audit --version and cargo geiger --version

Instructions

Dependency Vulnerability Audit

  1. Run cargo-audit:

    cargo audit --json > cargo-audit-results.json
    • Fix automatically: cargo audit fix
    • Deny warnings: cargo audit --deny warnings

  2. Parse the results — Present findings:

| # | Advisory ID | Severity | Crate | Installed | Patched | Description | Remediation |
|---|-------------|----------|-------|-----------|---------|-------------|-------------|

Unsafe Code Detection

  1. Run cargo-geiger:

    cargo geiger --output-format=json > cargo-geiger-results.json

  2. Parse the results — Present unsafe usage summary:

| Crate | Unsafe Functions | Unsafe Expressions | Unsafe Impls | Unsafe Traits |
|-------|-----------------|-------------------|--------------|---------------|
  1. Summarize — Provide:
    • Total vulnerabilities found and their severities
    • Unsafe code hotspots requiring manual review
    • Upgrade recommendations for vulnerable dependencies
    • Whether #[forbid(unsafe_code)] is used at crate level
Weekly Installs
2
Repository
vchirrav/produc…i-skills
GitHub Stars
1
First Seen
Feb 14, 2026
Security Audits
Gen Agent Trust HubPass
SocketPass
SnykPass
Installed on
gemini-cli2
opencode2
antigravity2
mistral-vibe2
github-copilot2
roo2