skills/2389-research/jam/jam-router/Gen Agent Trust Hub

jam-router

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE

PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill implements a multi-agent workflow where user-supplied project descriptions and architectural decisions are used to generate personas and implementation variants. This design creates a surface for indirect prompt injection, as malicious input in the initial request could potentially influence the instructions or constraints of the sub-agents spawned during the 'Jam' session.
      • Ingestion points: Problem descriptions and architectural 'slots' defined in Phase 1 (jam/SKILL.md).
      • Boundary markers: The instructions do not specify the use of delimiters or 'ignore embedded instructions' prompts when passing user data to sub-agents. However, the skill does utilize 'worktree' isolation for implementation agents.
      • Capability inventory: Spawning of background agents with the Agent tool, filesystem modification using git worktree, and automated test execution.
      • Sanitization: No explicit sanitization or content validation steps are included in the workflow documentation.
Audit Metadata
Risk Level: SAFE
Analyzed: May 14, 2026, 01:34 AM