cargo-storage
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on executing shell commands via the `@cargo-ai/cli` tool to interact with the Cargo platform. This includes managing authentication tokens and executing SQL queries against the storage layer.
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the `@cargo-ai/cli` package, which is the official tool maintained by the platform vendor. This is a standard dependency for accessing the platform's services.
- [PROMPT_INJECTION]: The skill ingests data from records and schemas in the Cargo workspace, which presents an indirect prompt injection surface. The agent may process untrusted data retrieved from the warehouse that could contain embedded instructions.
  - Ingestion points: record list, model metadata (SKILL.md, references/response-shapes.md)
  - Boundary markers: Not explicitly defined in the instruction set.
  - Capability inventory: Shell command execution via `cargo-ai` CLI.
  - Sanitization: Not explicitly implemented in the skill instructions.
- [REMOTE_CODE_EXECUTION]: The skill allows the definition of computed columns using JavaScript expressions (`jsExpression`). While these are intended for data transformation within the Cargo platform, they represent a dynamic execution surface for logic defined by the agent.
Audit Metadata