diff --git a/ql/lib/codeql/actions/security/PoisonableSteps.qll b/ql/lib/codeql/actions/security/PoisonableSteps.qll
index f80f09a32d8..b1d5269d44a 100644
--- a/ql/lib/codeql/actions/security/PoisonableSteps.qll
+++ b/ql/lib/codeql/actions/security/PoisonableSteps.qll
@@ -23,7 +23,7 @@ private string dangerousCommands() {
 "terraform apply", "gomplate ", "pre-commit run", "pre-commit install", "go generate",
 "msbuild ", "mvn ", "gradle ", "bundle install", "bundle exec ", "^ant ", "mkdocs build",
 "pytest", "pip install -r ", "pip install --requirement", "java -jar ", "poetry install",
- "poetry run"
+ "poetry run", "cargo "
 ]
 }
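Review bot: The new `"cargo "` entry is unanchored, unlike the neighbouring `"^ant "`, so if these strings are applied as regular expressions anywhere in a run script (the matching code is outside this hunk) it will also fire on text that merely contains the word, such as an `echo` line or a tool whose name ends in `cargo`. A word boundary, e.g. `"poetry run", "\\bcargo "`, would keep coverage of every cargo subcommand while cutting those false positives; confirm this against how `dangerousCommands()` is consumed. It would also help to add a short comment on why cargo belongs in the list (build scripts such as `build.rs` and procedural macros from the checked-out tree run during an ordinary build) and a workflow test fixture that runs a cargo build after checking out untrusted code, since no test change is visible in this diff. The body of `dangerousCommands()` starts above the hunk.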