juicebox-core-workflow-a

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Vulnerability surface for indirect prompt injection identified in the search query construction logic.
  • Ingestion points: The CandidateSearch interface in types/search.ts processes raw user-provided strings for fields like role, skills, and location.
  • Boundary markers: The buildSearchQuery function in types/search.ts uses direct string interpolation. While some parameters are enclosed in double quotes, there is no escaping mechanism for these quotes or other special characters.
  • Capability inventory: According to the SKILL.md frontmatter, the skill is granted extensive permissions including Bash(npm:*), Bash(pip:*), Write, and Edit. These could be leveraged if an attacker-controlled profile in the search results contains malicious instructions that the agent follows.
  • Sanitization: No input validation or output sanitization is implemented for the data exchanged with the external Juicebox API.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 12, 2026, 12:34 AM