cargo-cdk
Fail
Audited by Snyk on Jul 11, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). The docs state that importing any .ts runs registration side-effects and explicitly recommend importing a generated .cargo-ai JS file while also describing CI deploys that use workspace tokens and env secrets — this combination permits arbitrary code execution at import time (RCE/backdoor) and potential exfiltration of secrets when runs happen in CI.
Issues (1)
E006
CRITICALMalicious code pattern detected in skill scripts.
Audit Metadata