cargo-diagnostics

Pass

Audited by Gen Agent Trust Hub on Jul 11, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @cargo-ai/cli package from the NPM registry. This is an official tool provided by the vendor, getcargohq.
  • [COMMAND_EXECUTION]: The skill provides instructions for using the cargo-ai CLI, specifically for running SQL queries (orchestration query execute), fetching run details (orchestration run get), and managing workspace reports. These commands are standard operations for the tool's intended diagnostic purpose.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data in the form of runContext outputs from previous workflow executions (identified in references/run-trace.md). The skill includes guidelines for the agent to extract specific relevant nodes rather than processing raw JSON, which serves as a basic boundary marker to mitigate risks from embedded instructions in log data. The capabilities associated with this ingestion are limited to diagnostic queries and reporting within the vendor's environment.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 11, 2026, 01:01 AM