rust-cli-validation

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the Rust toolchain (cargo check, cargo clippy, cargo build, cargo test) and the resulting binary to verify functionality. This is the intended purpose of the validation skill.
  • [EXTERNAL_DOWNLOADS]: Uses the standard cargo build system, which may download dependencies from crates.io (the official Rust package registry) during the build and test phases. This is a standard developer workflow and follows best practices for Rust development.
  • [DATA_EXFILTRATION]: No network exfiltration was found. The skill reads local files (Cargo.toml) and writes diagnostic logs to a local e2e-evidence directory for inspection.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection if a malicious project's metadata or CLI output contains instructions intended to manipulate the agent.
      • Ingestion points: Processes the contents of Cargo.toml and various logs generated from the binary's stdout/stderr.
      • Boundary markers: Absent. There are no explicit instructions for the agent to disregard instructions embedded within the files being validated.
      • Capability inventory: Extensive subprocess execution via cargo and execution of the compiled project binary.
      • Sanitization: None detected; the agent is instructed to read and verify output files directly.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 19, 2026, 01:16 PM