cargo-cdk

Pass

Audited by Gen Agent Trust Hub on Jul 11, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of official packages, @cargo-ai/cli and @cargo-ai/cdk, from the NPM registry to provide the necessary tooling for workspace management.\n- [CREDENTIALS_UNSAFE]: Documentation provides explicit guidance on secure secret management using environment variables and a dedicated secret() helper function, ensuring that sensitive API tokens are handled securely and kept out of version-controlled files.\n- [COMMAND_EXECUTION]: The skill instructs the agent to execute standard cargo-ai cdk CLI commands (such as init, plan, and deploy) to manage infrastructure resources.\n- [SAFE]: No obfuscation, malicious prompt injection, or unauthorized privilege escalation attempts were found. The skill's behavior and instructions are consistent with its intended purpose as a legitimate infrastructure-as-code tool.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 11, 2026, 02:31 AM