rust-deps-visualizer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill uses the Bash tool to execute `cargo metadata` and `cargo tree`. These are standard, non-malicious commands within the Rust ecosystem used for project diagnostics.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection from malicious dependency names or metadata in `Cargo.toml`. Evidence Chain:
  1. Ingestion points: `Cargo.toml` (via Read) and `cargo tree` output (via Bash)
  2. Boundary markers: Absent
  3. Capability inventory: `Bash`, `Read`, `Glob`
  4. Sanitization: None

  The risk is considered low as the primary behavior is ASCII visualization.