sast-cargo-audit
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill recommends installing 'cargo-audit' and 'cargo-geiger' via 'cargo install'. These are standard security tools from the trusted Crates.io registry.
- COMMAND_EXECUTION (LOW): The skill executes several cargo commands to perform security analysis and dependency fixing. Evidence: 'cargo audit --json' and 'cargo geiger --output-format=json' in SKILL.md.
- PROMPT_INJECTION (LOW): Indirect Prompt Injection analysis: 1. Ingestion points: 'cargo-audit-results.json' and 'cargo-geiger-results.json'. 2. Boundary markers: Absent. 3. Capability inventory: Execution of cargo subprocesses. 4. Sanitization: Absent. The skill ingests external tool output which could be manipulated by a malicious project to influence the AI's summary.
Audit Metadata