jc
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [SAFE] (SAFE): No malicious instructions, obfuscation, or data exfiltration patterns were detected. The skill provides legitimate guidance on using a common open-source serialization tool.
- [NO_CODE] (SAFE): The skill consists entirely of markdown instructions and documentation. It does not ship with any scripts, binaries, or active code, significantly reducing the attack surface.
- [Indirect Prompt Injection] (SAFE): The skill's primary purpose is to parse untrusted data (CLI output). While this represents a theoretical ingestion surface, it is a core function of the documented utility and does not contain active exploits or dangerous interpolation logic in the instruction set.
- Ingestion points: CLI output and string variables processed by the
jcutility mentioned inSKILL.md. - Boundary markers: Not applicable for this instruction-only skill.
- Capability inventory: None; the skill provides documentation rather than execution capabilities.
- Sanitization: Not specified, as the skill refers to an external tool.
Audit Metadata