domain-embedded

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill utilizes the '!' command execution prefix to run 'cat .cargo/config.toml'. This allows the skill to perform arbitrary file reads via shell commands on the host system.
  • [PROMPT_INJECTION] (HIGH): Mandatory Evidence Chain for Indirect Prompt Injection: (1) Ingestion Point: Output from '.cargo/config.toml' is injected into the 'Project Context' header. (2) Boundary Markers: None; the raw file content is included directly in the markdown. (3) Capability Inventory: The injected content influences the 'Embedded Domain' reasoning layer. (4) Sanitization: None. An attacker with write access to the repository can place malicious instructions in the Cargo configuration to subvert the agent's logic.
  • [DATA_EXPOSURE] (MEDIUM): Accessing '.cargo/config.toml' can expose sensitive build-time environment variables, private registry credentials, or target architecture details to the model context without user consent.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 15, 2026, 08:24 PM