jd-docs
Fail
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/jd_classify.py` uses `importlib.util` to dynamically load and execute functions from a computed relative path (`../../diataxis/scripts/diataxis_classify.py`). This dynamic execution pattern is used for optional Diataxis framework integration.
- [REMOTE_CODE_EXECUTION]: Documentation in `SKILL.md` and `TROUBLESHOOTING.md` recommends installing a dependency by piping a remote script to a shell: `curl -LsSf https://astral.sh/uv/install.sh | sh`. While the source is a well-known service, this method involves executing remote code without local verification.
- [COMMAND_EXECUTION]: The utility script `scripts/shared.py` executes the `git` command using `subprocess.run` to determine the project root directory, which is a common operation for project-aware tooling.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface when processing project documentation.
  - Ingestion points: The scripts `jd_classify.py` and `jd_index.py` read markdown file headings and content from the user's project.
  - Boundary markers: Absent; the skill does not use delimiters to isolate untrusted file content.
  - Capability inventory: Subprocess calls in `shared.py`, file move operations in `jd_add.py` and `jd_classify.py`, and file write operations in `jd_init.py`, `jd_add_area.py`, and `jd_index.py`.
  - Sanitization: Absent; while filenames are normalized and content is lowercased for keyword matching, there is no filtering of embedded natural language instructions.
Recommendations
- HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
Audit Metadata