PkgRadar

Cargo · crates.io

dirge-agent

Rs Build Time Fs Out Of Band: Filesystem path outside the build OUT_DIR / cargo cache (/etc, $HOME, ~/.ssh, /tmp/*.sh).

Why PkgRadar flagged 0.7.4

| Severity | Signal | Evidence |
|---|---|---|
| high | Rs Build Time Fs Out Of Band | Filesystem path outside the build OUT_DIR / cargo cache (/etc, $HOME, ~/.ssh, /tmp/*.sh). · dirge-agent-0.7.4/src/permission/engine/build.rs |
| medium | Rs Build Time Command | Process spawn (std::process::Command) at build time. · dirge-agent-0.7.4/build.rs |
| medium | Remote Payload | matched "curl " · dirge-agent-0.7.4/src/agent/tools/skill.rs |
| medium | Remote Payload | matched "curl " · dirge-agent-0.7.4/src/extras/memory_db.rs |
| medium | Remote Payload | matched "curl " · dirge-agent-0.7.4/src/extras/session_db_tests.rs |
| medium | Remote Payload | matched "curl " · dirge-agent-0.7.4/src/extras/skills/guard.rs |
| medium | Remote Payload | matched "curl " · dirge-agent-0.7.4/src/extras/skills/manager.rs |

Scanned versions

| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
| 0.7.4 | High risk | 140 | 2026-06-17 |
| 0.7.3 | High risk | 140 | 2026-06-17 |
| 0.7.2 | High risk | 140 | 2026-06-15 |
| 0.7.1 | High risk | 140 | 2026-06-15 |
| 0.6.4 | High risk | 140 | 2026-06-14 |
| 0.6.3 | High risk | 140 | 2026-06-13 |
| 0.6.2 | High risk | 140 | 2026-06-12 |
| 0.6.1 | High risk | 140 | 2026-06-11 |
| 0.6.0 | High risk | 140 | 2026-06-11 |
| 0.5.2 | High risk | 140 | 2026-06-11 |
| 0.5.1 | High risk | 140 | 2026-06-10 |
| 0.5.0 | High risk | 140 | 2026-06-10 |
| 0.4.1 | High risk | 140 | 2026-06-08 |
| 0.4.0 | High risk | 140 | 2026-06-08 |
| 0.3.1 | High risk | 110 | 2026-06-05 |
| 0.2.4 | High risk | 110 | 2026-06-03 |
| 0.2.3 | High risk | 110 | 2026-06-02 |
| 0.2.2 | High risk | 110 | 2026-05-31 |
| 0.2.1 | High risk | 110 | 2026-05-31 |
| 0.2.0 | High risk | 110 | 2026-05-31 |
| 0.1.0 | High risk | 110 | 2026-05-30 |

Block this in CI

PkgRadar gates dirge-agent (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem cargo [email protected]