wasmtime
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides the official installation script for Wasmtime from its primary project domain (wasmtime.dev). This is the standard delivery method for the runtime binary.
- [REMOTE_CODE_EXECUTION]: The documentation provides examples of the Module::deserialize and Component::deserialize APIs, which are used to load precompiled machine code. These examples are appropriately wrapped in Rust's unsafe blocks and accompanied by documentation comments advising the user to only use trusted inputs, reflecting the standard security model for these advanced APIs.
- [COMMAND_EXECUTION]: The guide includes numerous commands for setting up development environments, including cargo install for official tools like cargo-component and wasm-tools, and zig build for compiling guest modules. These commands are essential for the WebAssembly development workflow.
Audit Metadata