j-skills
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [COMMAND_EXECUTION]: The skill operates by executing the j-skills CLI tool to manage local files and symbolic links. This provides a direct interface for the agent to modify the local filesystem within project and global configuration directories (e.g., ~/.claude/skills/).
- [EXTERNAL_DOWNLOADS]: The documentation instructs users to globally install the j-skills NPM package. It also references the Vercel Labs GitHub repository for path specifications, which is a recognized and well-known service.
- [PROMPT_INJECTION]: The skill includes a 'Guidance for LLMs' section. While these instructions are designed to help the agent manage installation scopes (project vs. global), they represent a mechanism for influencing agent decision-making logic.
- [INDIRECT_PROMPT_INJECTION]: This skill presents an attack surface for indirect injection as it processes user-provided skill names and paths to execute CLI commands.
- Ingestion points: Untrusted data enters via skill names, paths, and environment arguments passed to j-skills install or j-skills link commands.
- Boundary markers: The skill documentation does not define specific delimiters or warnings to prevent the agent from misinterpreting embedded instructions within skill files during the 'link' process.
- Capability inventory: The CLI tool possesses capabilities to create symbolic links, create directories, and list files across 35+ agent configuration paths.
- Sanitization: No explicit sanitization or validation logic is mentioned for the inputs passed from the agent's context to the shell commands.
Audit Metadata