rust-skills

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill describes a 'Dynamic Skill Generation' mechanism (referenced in references/commands.md) that parses project dependencies from Cargo.toml files and crate metadata to generate or update agent skills in ~/.claude/skills/. This architecture establishes a surface where untrusted project data can influence the agent's persistent behavior.
      • Ingestion points: Local Cargo.toml files and external crate metadata.
      • Boundary markers: None documented to prevent instruction injection from metadata.
      • Capability inventory: Reading local project files and writing instruction files to the home directory.
      • Sanitization: No validation or sanitization of ingested metadata is described.
  • [COMMAND_EXECUTION]: The command system (e.g., /sync-crate-skills, /docs, /crate-info) instructs the agent to perform automated file system operations and network requests based on project context and user input. This includes reading configuration files and fetching documentation or metadata from external registries.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 15, 2026, 09:21 AM