just-cli

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (HIGH): Found in references/recipes.md and references/settings.md. The skill enables an agent to parse and execute recipes from 'justfiles'. Since these files are typically sourced from external repositories, attackers can embed malicious shell commands for the agent to run. (Ingestion: justfile, mod, .env; Capability: Shell, Python, Node.js; Sanitization: Optional regex patterns).
  • Dynamic Execution (HIGH): Found in references/recipes.md. The '[script]' attribute and backtick evaluation allow for embedding and executing Node.js, Python, and Bash code directly. This represents a significant dynamic execution vector if untrusted data is interpolated into recipes.
  • Command Execution (HIGH): The core functionality described across all files is the definition and execution of system commands, which requires strict environment isolation to prevent host compromise.
  • Data Exposure (MEDIUM): Found in references/settings.md and references/syntax.md. Features like 'dotenv-load' and the 'env()' function facilitate access to sensitive environment variables, posing a risk of accidental credential disclosure if the agent logs output.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 04:58 AM