cargo-context

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @cargo-ai/cli package from the NPM registry. This package is an official tool provided by the vendor (getcargohq).
  • [COMMAND_EXECUTION]: The skill utilizes the cargo-ai context runtime execute command, which allows the agent to run arbitrary shell commands (e.g., grep, ls, pwd) within a runtime sandbox. This capability is documented for inspecting the repository structure and running checks; side effects from these commands are not persisted to the Git repository.
  • [PROMPT_INJECTION]: The skill features a data ingestion surface through its 'bootstrap' and 'refresh' workflows, which scrape public websites and analyze sales-call transcripts. This is analyzed as an indirect prompt injection risk.
  • Ingestion points: External data enters the context via scrapers and call transcripts processed in references/examples/bootstrap-and-update.md.
  • Boundary markers: Content templates in references/conventions.md do not utilize explicit boundary markers or instructions to ignore embedded prompts.
  • Capability inventory: The skill can execute shell commands (cargo-ai context runtime execute), write files to a repository (cargo-ai context runtime write), and edit existing files (cargo-ai context runtime edit).
  • Sanitization: The skill mitigates risks by mandating a human-in-the-loop approval process for every suggested edit before it is committed to the repository.
Audit Metadata
Risk Level
SAFE
Analyzed
May 13, 2026, 12:23 PM