cargo-context
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@cargo-ai/clipackage from the NPM registry. This package is an official tool provided by the vendor (getcargohq). - [COMMAND_EXECUTION]: The skill utilizes the
cargo-ai context runtime executecommand, which allows the agent to run arbitrary shell commands (e.g.,grep,ls,pwd) within a runtime sandbox. This capability is documented for inspecting the repository structure and running checks; side effects from these commands are not persisted to the Git repository. - [PROMPT_INJECTION]: The skill features a data ingestion surface through its 'bootstrap' and 'refresh' workflows, which scrape public websites and analyze sales-call transcripts. This is analyzed as an indirect prompt injection risk.
- Ingestion points: External data enters the context via scrapers and call transcripts processed in
references/examples/bootstrap-and-update.md. - Boundary markers: Content templates in
references/conventions.mddo not utilize explicit boundary markers or instructions to ignore embedded prompts. - Capability inventory: The skill can execute shell commands (
cargo-ai context runtime execute), write files to a repository (cargo-ai context runtime write), and edit existing files (cargo-ai context runtime edit). - Sanitization: The skill mitigates risks by mandating a human-in-the-loop approval process for every suggested edit before it is committed to the repository.
Audit Metadata