prost is a protobuf implementation with 3000 daily downloads. It is a high-risk component because it is exposed to untrusted data from the network.

Protocol buffers involve code generation, so simply auditing the runtime code is not sufficient - we should also look into reducing the amount of unsafe in the generated code.