Cargo.toml

Dependency-level indicator: the malicious commit adds a build-dependency 'uuid = { version = "1.23", default-features = false, features = ["v4"] }' to Cargo.toml, used for Uuid::new_v4().as_simple() to generate the Sentry event_id. An otherwise-unexpected 'uuid' build-dep appearing alongside a new build.rs is a strong combined signal.