justfile-skill

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
Categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill specifies an installation command that downloads a script from https://just.systems/install.sh, which is the official distribution point for the 'just' command runner.
  • [REMOTE_CODE_EXECUTION]: The installation instructions suggest piping a remote script directly to a shell (curl ... | bash). This is a recognized pattern for tool installation from established and well-known sources.
  • [COMMAND_EXECUTION]: The skill's primary function is to execute shell commands and scripts through justfile recipes. This includes usage of sudo for system-wide configuration and execution of shebang-based scripts.
  • [PROMPT_INJECTION]: The skill manages justfile content, which presents a surface for indirect prompt injection.
    • Ingestion points: Reads and modifies justfile files and project documentation via the Read, Write, and Edit tools.
    • Boundary markers: No delimiters or specific instructions to ignore embedded instructions are implemented in the prompt logic.
    • Capability inventory: The skill is authorized to use Bash, Write, Edit, Grep, Glob, and Read tools.
    • Sanitization: There is no evidence of content sanitization or validation before the tool processes the configuration files.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 10, 2026, 06:56 AM