rust-release
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill employs standard Rust toolchain commands and shell utilities (`cargo`, `git`, `gh`, `jq`, `grep`, `sed`) to manage project state, verify code quality, and automate release tasks. Key operations include `cargo check`, `cargo update`, and `cargo build`.
- [DATA_EXFILTRATION]: The skill performs expected network operations to push release branches to remote repositories and create pull requests on GitHub via `git push` and `gh pr create`.
- [PROMPT_INJECTION]: The instructions include a directive for the agent to avoid referencing AI tools or co-authorship in commit messages and pull request descriptions. This is a common stylistic requirement for professional software projects.
- [PROMPT_INJECTION]: The skill ingests data from local project files, such as `Cargo.toml` and `CHANGELOG.md`, to determine version information and release notes. This constitutes a potential surface for indirect prompt injection if those files contain malicious instructions, though the impact is scoped to the release automation workflow.
  - Ingestion points: `Cargo.toml` (parsed for version metadata) and `CHANGELOG.md` (parsed for unreleased changes).
  - Boundary markers: No explicit delimiters are specified for separating file content from the agent's instructions during pull request body generation.
  - Capability inventory: File system access, shell execution, and remote repository management via Git and GitHub CLI.
  - Sanitization: No specific validation or escaping is applied to the content extracted from project files before it is processed.
Audit Metadata