review-rust

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands to analyze the local codebase.
      • Evidence: Executes git diff, grep, cargo clippy, cargo check, and cargo test to identify changed files and verify code correctness.
  • [REMOTE_CODE_EXECUTION]: The skill triggers the execution of local project code through standard Rust build and test tools.
      • Evidence: Running cargo check, cargo clippy, and cargo test (Step 3 and Post-Fix Verification) executes project-defined logic such as build.rs scripts, procedural macros, and unit tests. This represents a potential execution vector if the repository under review contains malicious code.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection from the untrusted code it processes.
      • Ingestion points: git diff output, Cargo.toml, and .rs source files (Steps 1, 2, and 4).
      • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the prompt interpolation steps.
      • Capability inventory: Full shell execution via cargo and git commands.
      • Sanitization: No sanitization or validation of the ingested code content is performed prior to processing.
Audit Metadata
Risk Level: SAFE
Analyzed: May 18, 2026, 06:02 PM
Security Audit — agent-trust-hub — review-rust