skills/danielbush/skills/jcodemunch/Gen Agent Trust Hub

jcodemunch

Warn

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions direct the agent to execute shell commands using bunx and uvx to interact with the jcodemunch-mcp server.
  • [EXTERNAL_DOWNLOADS]: The skill uses package runners (bunx and uvx) to fetch and execute tools (mcporter, jcodemunch-mcp) from public registries (npm and PyPI) at runtime.
  • [REMOTE_CODE_EXECUTION]: The index_repo tool allows the agent to pull content from remote GitHub repositories for indexing and analysis.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it reads and processes untrusted source code from external repositories or local folders.
    • Ingestion points: Data enters the agent's context through tools like get_symbol_source, search_text, and get_context_bundle which retrieve code snippets.
    • Boundary markers: No specific delimiters or "ignore instructions" warnings are used when presenting the retrieved code to the agent.
    • Capability inventory: The agent has shell access via the bunx and uvx commands defined in the skill.
    • Sanitization: There is no evidence of sanitization or filtering of the code content before it is processed by the agent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 1, 2026, 02:18 AM