菜单
Audits Rust code for unsafe blocks, ownership issues, and Cargo dependency risks. Use when reviewing Rust code or before merging Rust changes.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Detects AI-generated writing patterns in prose. Use when reviewing docs for slop, vague language, or identity leaks before publishing.
Recommends context compression strategies for bloated or quota-heavy sessions. Use when context feels sluggish or quota burns faster than expected.
Guide minimal code via a decision ladder with full safety, edge, and negative-case coverage. Use when adding code, choosing a dependency, or auditing a diff.
Optimizes context window via MECW principles and memory tiering. Use when context exceeds 30% or before long multi-step tasks.
Generates or remediates documentation with human-quality writing. Use when creating new docs, rewriting AI-generated content, or applying style profiles.
Converts external documents (PDF, DOCX, PPTX, XLSX, HTML) into editable markdown. Use when ingesting external files for rewriting or project integration.
| name | rust-review |
| description | Audits Rust code for unsafe blocks, ownership issues, and Cargo dependency risks. Use when reviewing Rust code or before merging Rust changes. |
| globs | **/*.rs |
| alwaysApply | false |
| category | code-review |
| tags | ["rust","ownership","concurrency","unsafe","traits","cargo"] |
| tools | [] |
| usage_patterns | ["rust-audit","unsafe-review","dependency-audit","concurrency-analysis"] |
| complexity | advanced |
| model_hint | deep |
| estimated_tokens | 400 |
| progressive_loading | true |
| dependencies | ["pensive:shared","imbue:proof-of-work","imbue:review-core","imbue:structured-output"] |
| modules | ["ownership-analysis.md","error-handling.md","concurrency-patterns.md","unsafe-audit.md","cargo-dependencies.md","silent-returns.md","collection-types.md","sql-injection.md","cfg-test-misuse.md","error-messages.md","duplicate-validators.md","builtin-preference.md","native-type-modeling.md","idiomatic-elision.md","coercion-params.md","conversion-traits.md","numeric-cast-safety.md","mutable-static-audit.md","match-wildcard.md","transmute-audit.md","float-equality.md","mem-forget-audit.md","repr-packed-audit.md","model-specific-tells.md","iterator-and-allocation-slop.md","test-slop.md","async-slop.md"] |
Expert-level Rust code audits with focus on safety, correctness, and idiomatic patterns.
/rust-review
Verification: Run the command with --help flag to verify availability.
rust-review:ownership-analysisrust-review:error-handlingrust-review:concurrencyrust-review:unsafe-auditrust-review:cargo-depsrust-review:native-modelingrust-review:idiomatic-elisionrust-review:coercion-paramsrust-review:conversion-traitsrust-review:numeric-cast-safetyrust-review:mutable-static-auditrust-review:match-wildcardrust-review:transmute-auditrust-review:float-equalityrust-review:mem-forget-auditrust-review:repr-packed-auditrust-review:evidence-logrust-review:findings-verifiedLoad modules as needed based on review scope:
Quick Review (ownership and errors):
modules/ownership-analysis.md for borrowing and lifetime analysismodules/error-handling.md for Result/Option patternsConcurrency Focus:
modules/concurrency-patterns.md for async and sync primitivesSafety Audit:
modules/unsafe-audit.md for unsafe block documentationmodules/mutable-static-audit.md for static mut globals and
their thread-safe replacementsmodules/numeric-cast-safety.md for truncating and
precision-losing as castsmodules/match-wildcard.md for catch-all arms that defeat enum
exhaustivenessmodules/transmute-audit.md for mem::transmute/transmute_copy
calls that reinterpret bytes with no layout checkmodules/repr-packed-audit.md for #[repr(packed)] layouts whose
field borrows become unaligned referencesCorrectness Audit:
modules/float-equality.md for ==/!= against float literalsmodules/mem-forget-audit.md for mem::forget leaks and no-op
drop(&x) reference dropsDependency Review:
modules/cargo-dependencies.md for vulnerability scanningIdiomatic Patterns:
modules/builtin-preference.md for conversion traits and builtin preferencemodules/native-type-modeling.md for enums-over-primitives,
newtype, type-state, and derived orderingmodules/idiomatic-elision.md for lifetime elision,
expression-oriented returns, and explicit -> () unit returnsmodules/coercion-params.md for &String/&Vec<T>/&PathBuf
parameters that defeat deref coercion (prefer &str/&[T]/&Path)modules/conversion-traits.md for impl Into that should be
impl From, and discarded try_into().unwrap() conversion errorsstatic mut globals; shared state uses OnceLock/LazyLock,
atomics, or a Mutex/RwLockmem::transmute/transmute_copy; bytes converted with
from_le_bytes/from_bits/bytemuck or pointers with .cast()#[repr(packed)] fields copied out before borrowing (no unaligned
references)mem::forget leaks (use ManuallyDrop/scope) and no no-op
drop(&x) reference dropsmlock/munlock calls: RLIMIT verified, page-aligned,
ENOMEM handledas casts (length truncation, as u8/i8, as f32)
replaced with TryFrom/From_ => unreachable!()/panic!/{}
catch-alls==/!= against a
float literal'_ in pathsreturn dropped in favor of the tail expression-> () unit returns dropped (default is elided)&str/&[T]/&Path, not &String/&Vec<T>/
&PathBuf (deref coercion accepts both, so the slice is more general)From/TryFrom, not Into/TryInto; a
fallible conversion's error is propagated, not unwrap()ped## Summary
Rust audit findings
## Ownership Analysis
[borrowing and lifetime issues]
## Error Handling
[error patterns and issues]
## Concurrency
[async and sync patterns]
## Unsafe Audit
### [U1] file:line
- Invariants: [documented]
- Anchor: `verbatim source text at file:line`
- Risk: [assessment]
- Recommendation: [action]
## Native Type Modeling
[stringly-typed comparisons, boolean blindness, newtype/type-state notes]
## Idiomatic Elision
[needless lifetimes, trailing returns, explicit `-> ()` unit returns]
## Coercion Params
[`&String`/`&Vec<T>`/`&PathBuf` params that should be borrowed slices]
## Conversion Traits
[`impl Into` over `impl From`; discarded `try_into().unwrap()` errors]
## Numeric Cast Safety
[length-truncating, byte-narrowing, and f32 precision-losing `as` casts]
## Mutable Static Audit
[`static mut` globals and their thread-safe replacements]
## Match Wildcard
[catch-all `_ =>` arms that defeat enum exhaustiveness]
## Transmute Audit
[`mem::transmute`/`transmute_copy` calls and their typed replacements]
## Float Equality
[exact `==`/`!=` comparisons against float literals]
## Mem Forget Audit
[`mem::forget` leaks and no-op `drop(&x)` reference drops]
## Repr Packed Audit
[`#[repr(packed)]` layouts whose field borrows become unaligned]
## Dependencies
[cargo audit results]
## Recommendation
Approve / Approve with actions / Block
Verification: Run the command with --help flag to verify availability.
rust-review:findings-verified)Every finding must cite a real location and a verbatim anchor. Write
findings to .review/findings.json and confirm each citation resolves:
python plugins/imbue/scripts/citation_verifier.py \
--findings .review/findings.json --repo-root .
Drop or label UNVERIFIED any finding the verifier fails (exit 1); only
verified findings enter the report. See Skill(imbue:review-core) Step 5
and Skill(imbue:structured-output) for the schema.
Location + verbatim Anchor confirmed by citation_verifier.py (exit 0), or unverified findings were dropped or labeled UNVERIFIED