justfile
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Tags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The installation guide in SKILL.md instructs users to install just using a piped bash command: curl --proto '=https' --tlsv1.2 -sSf https://just.systems/install.sh | bash. Piped shell execution from remote sources is a high-risk pattern that can lead to arbitrary code execution if the source or connection is compromised.
- [DATA_EXFILTRATION] (HIGH): The script scripts/shell_to_just.py accesses and reads the user's shell history files (~/.zsh_history, ~/.bash_history, ~/.history). These files frequently contain sensitive information, including API keys, passwords used in command-line arguments, and private directory structures, posing a significant data exposure risk.
- [COMMAND_EXECUTION] (MEDIUM): The skill is designed to generate and execute Justfiles, which have the capability to run arbitrary shell commands on the local system.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill possesses a surface for indirect prompt injection by processing external data into executable scripts.
  1. Ingestion points: Makefile, package.json, and shell history files processed by the scripts.
  2. Boundary markers: Absent; there are no delimiters or instructions to ignore embedded commands in the source files.
  3. Capability inventory: Subprocess execution of any recipe defined in the generated Justfile.
  4. Sanitization: The scripts sanitize recipe names but do not validate or sanitize the shell commands themselves.
Recommendations
- HIGH: Downloads and executes remote code from: https://just.systems/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata