rust-router

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill is designed to ingest untrusted content from Cargo.toml and .rs files, as defined in SKILL.md. It applies no boundary markers or sanitization to that content, so malicious instructions embedded in the ingested code could influence the agent's behavior during analysis. Ingestion points: SKILL.md globs. Capability inventory: integrations/os-checker.md tools.
  • [Command Execution] (HIGH): The integrations/os-checker.md file defines commands like /audit security that trigger external binaries (clippy, cargo audit, miri) on ingested code. Executing these tools on untrusted content poses a risk of arbitrary command execution if the tools are exploited or arguments are manipulated.
  • [External Downloads] (MEDIUM): The skill references a large number of external sub-skills and agents (e.g., m01-ownership, rust-learner, docs-researcher) that are not included in the package, making the full dependency chain and behavior unverifiable.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 15, 2026, 08:44 PM