task-runner
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest and act upon instructions found in an external 'justfile' within the project root, which constitutes a vulnerability surface if the project source is malicious.
- Ingestion points: Project root 'justfile' accessed via
just --listandjust --showcommands. - Boundary markers: Absent. The instructions do not advise the agent to verify or sanitize the commands found in the file.
- Capability inventory: The
justutility has the capability to execute any shell command permitted by the user's environment, including file deletion (rm), script execution (./scripts/deploy.sh), and network operations through package managers. - Sanitization: None. The agent is instructed to trust the 'justfile' as the source of truth for available project commands.
- [Dynamic Execution] (LOW): The skill facilitates the execution of arbitrary logic defined in configuration files at runtime. While this is the intended purpose of a task runner, it allows the agent to execute commands that are not hardcoded within the skill itself, creating a path for executing potentially harmful project-level scripts.
Audit Metadata