just-init
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the processing of untrusted documentation content.
- Ingestion points: The agent is instructed to read
__init__.pydocstrings from the codebase to understand package logic and determine subsequent navigation steps (Navigation Rule in SKILL.md). - Boundary markers: The instructions specify a triple-quote docstring format but do not provide delimiters or warnings to ignore potentially malicious instructions embedded within those strings.
- Capability inventory: The agent has capabilities to read, create, and modify local files and navigate directory structures (Auto-Update Rule, New Package Rule).
- Sanitization: There is no validation or sanitization of the docstring content before it is used by the agent to decide which files to explore or how to describe the package.
Audit Metadata