Back to skill

Security audit

Cargo Cdk

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Cargo workspace-as-code guide, but users should handle destructive deploy options and API secrets carefully.

Install this only if you intend to manage a Cargo workspace as code. Review plans before deploys, be especially deliberate with destroy and deploy --prune, verify the selected workspace, and keep API tokens and connector secrets in a secure secret store or CI secret configuration.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill documents destructive operations like `destroy` as part of the normal lifecycle without an explicit warning that they can tear down live resources and potentially cause service disruption or data loss. In an agent-driven context, concise operational guidance can be followed mechanically, so omission of safety warnings increases the chance of unsafe execution.

Missing User Warnings

High
Confidence
97% confidence
Finding
`deploy --prune` is mentioned as a side-branch operation that deletes resources removed from code, but the text does not clearly warn that this can remove still-needed live infrastructure if code or state is wrong. In a declarative infra skill, pruning is especially dangerous because an agent may treat it as routine cleanup and trigger broad deletions across an environment.

Missing User Warnings

Low
Confidence
90% confidence
Finding
The documentation tells users to export a long-lived API key into the shell environment without any warning about credential handling, shell history exposure, shared-session risk, or safer alternatives. In a deployment-focused skill, this can normalize insecure secret handling and increase the chance of accidental leakage through terminal logs, process inspection, CI output, or persisted shell configuration.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The recipe includes a full teardown command (`cargo-ai cdk destroy --all`) without an adjacent explicit warning that it is destructive and may irreversibly remove deployed workspace resources. In an agent-skill context, users may copy commands verbatim, so documenting a destructive operation without a caution increases the risk of accidental environment deletion.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.prompt_injection_instructions

Prompt-injection style instruction pattern detected.

Warn
Code
suspicious.prompt_injection_instructions
Location
guides/authoring-resources.md:123

Prompt-injection style instruction pattern detected.

Warn
Code
suspicious.prompt_injection_instructions
Location
recipes/build-an-agent.md:65

Prompt-injection style instruction pattern detected.

Warn
Code
suspicious.prompt_injection_instructions
Location
references/examples/full-workspace.md:69