just
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- Persistence Mechanisms (HIGH): The 'Shell Completions Setup' section provides explicit instructions for the agent to modify user shell profiles (
~/.zshrc,~/.bashrc) to source completion files. In the context of an AI skill, modifying shell startup scripts is a high-risk persistence mechanism. - Indirect Prompt Injection (HIGH):
- Ingestion points: The skill is designed to bootstrap and manage project repositories by creating
justfilemodules based on project content. - Boundary markers: None. The skill uses standard markdown templates without delimiters to separate project data from execution logic.
- Capability inventory: The skill utilizes the
justcommand runner, which executes arbitrary shell commands includingrm -rf,go build, andchmod. - Sanitization: None. If an agent generates these recipes based on untrusted project data (e.g., malicious file names or branch names in
git describe), it could lead to arbitrary command execution. - Command Execution (MEDIUM): The templates include high-impact commands such as
chmod +xon bootstrap scripts andrm -rfon variable-defined paths, which present a risk if the agent misinterprets the project root or variable scope.
Recommendations
- AI detected serious security threats
Audit Metadata