cli-forge-validate
Warn
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands including 'cargo build', 'cargo clippy', and 'cargo fmt' on a user-provided project directory ('project_path'). As a result, any code defined in the target project's build.rs scripts or procedural macros runs during these commands.
- [REMOTE_CODE_EXECUTION]: By running the Rust toolchain on arbitrary project paths, the skill inherits the security risks of the compilation process, where malicious project source code can execute arbitrary instructions during the build phase.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it parses untrusted data from project files ('Cargo.toml', 'SKILL.md', and '.cli-forge/cli-plan.yml') and interpolates it into the workflow without sanitization or boundary markers.
  1. Ingestion points: 'Cargo.toml', 'SKILL.md', and 'cli-plan.yml' (Steps 1, 5, and 7 of 'instructions/validate.md').
  2. Boundary markers: Absent.
  3. Capability inventory: Subprocess execution of 'cargo' build and linting commands (Step 6 of 'instructions/validate.md').
  4. Sanitization: Absent.