m11-ecosystem
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill executes a local shell command to retrieve dependency information.
- Evidence: `!grep -A 100 '^\\[dependencies\\]' Cargo.toml 2>/dev/null | head -30 || echo "No Cargo.toml found"` in `SKILL.md`.
- Analysis: While this command is used to provide context to the agent, it represents an active shell invocation during skill processing.
- [PROMPT_INJECTION] (LOW): Indirect prompt injection vulnerability through external data ingestion.
- Ingestion points: Reads `Cargo.toml` via shell command.
- Boundary markers: Absent; the file content is injected directly into the prompt context.
- Capability inventory: The skill provides architectural advice but the environment processing the skill allows shell command execution.
- Sanitization: Absent; the content of `Cargo.toml` is not escaped or validated before ingestion. An attacker with write access to the local project's `Cargo.toml` could attempt to influence the agent's behavior.