skills/getcargohq/cargo-skills/cargo/Gen Agent Trust Hub

cargo

Pass

Audited by Gen Agent Trust Hub on Jul 15, 2026

Risk Level: SAFEREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill documentation includes an installation command that pipes a remote shell script (https://api.getcargo.io/install.sh) directly to the shell. This script, hosted on the vendor's domain, is designed to set up session hooks for automated workspace management.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the @cargo-ai/cli package from the NPM registry and references external repositories (e.g., github.com/getcargohq/cargo-skills) for recipes and documentation.
  • [COMMAND_EXECUTION]: Extensive use of the cargo-ai CLI tool is documented for performing operations such as workspace registration, data model inspection, and workflow orchestration. The skill also utilizes standard shell utilities like npm, npx, and cat.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests untrusted data from git-backed markdown repositories and uploaded content files for use in RAG and context management. Ingestion points include the cargo-context and cargo-content domains; boundary markers and sanitization are absent in the provided instructions; capability inventory includes subprocess execution via cargo-ai, python nodes, and npx.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 15, 2026, 07:05 PM