task-runner
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
- COMMAND_EXECUTION (HIGH): The skill is designed to execute commands directly on the host system via the `just` utility. It explicitly supports running recipes like `test`, `build`, and `deploy`, which are often wrappers for complex shell scripts.
- INDIRECT PROMPT INJECTION (HIGH): This skill is highly vulnerable to indirect prompt injection because it ingests and acts upon external, untrusted content (a `justfile` found in a project root).
  - Ingestion points: The agent reads the local `justfile` to list and execute recipes.
  - Boundary markers: None. The skill does not attempt to isolate or verify the safety of the recipes before execution.
  - Capability inventory: Full shell command execution via the `just` binary, which can spawn subshells, perform network operations, or access sensitive files.
  - Sanitization: None. The utility is designed to execute the file's content as-is.
- REMOTE_CODE_EXECUTION (MEDIUM): While it doesn't download remote scripts directly, it enables the execution of code provided by external repositories (e.g., if an agent clones a malicious repo and is prompted to 'run tests').
Recommendations
- AI detected serious security threats