The Agent Skills Directory

[SAFE]: The skill serves as an educational resource and diagnostic toolset for Rust development. It outlines idiomatic patterns for ownership, error handling, and security hardening without introducing malicious code.
[COMMAND_EXECUTION]: The skill provides numerous rg (ripgrep) and cargo command patterns (e.g., cargo audit, cargo clippy, cargo nextest). These are standard development tools used for static analysis and testing of local source code, conforming to the intended purpose of auditing Rust projects.
[EXTERNAL_DOWNLOADS]: The instructions reference a wide array of well-known and trusted Rust utilities and libraries, such as tokio, serde, cargo-deny, cargo-vet, and miri. These are established components of the Rust ecosystem and do not constitute a supply chain risk in the context of this skill.
[DATA_EXPOSURE_AND_EXFILTRATION]: No evidence of hardcoded credentials, sensitive file access, or unauthorized network operations was found. The skill actively encourages security best practices like using SecretString and Zeroizing for sensitive data.
[INDIRECT_PROMPT_INJECTION]: As a tool designed to audit external Rust source code (via the AUDIT mode), the skill inherently possesses an attack surface where malicious instructions could be embedded in the code being analyzed. However, this is a functional characteristic of code analysis tools, and the skill includes specific guidance on validating findings and checking reachability to mitigate false results.

sota-rust