justfile
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download an installation script from the official domain just.systems.
- [REMOTE_CODE_EXECUTION]: The documentation references a common installation pattern where a remote script from https://just.systems/install.sh is piped directly to a shell for execution.
- [COMMAND_EXECUTION]: As a command runner assistant, the skill instructs the agent to use the Bash tool and native just features, such as backtick evaluation and shebang recipes, to execute system-level commands for project automation.
- [INDIRECT_PROMPT_INJECTION]: The skill processes project-specific justfiles which are untrusted external inputs. Ingestion points: Read tool; Boundary markers: None identified; Capability inventory: Bash, Write, Edit, Grep, Glob, Read; Sanitization: No explicit validation of justfile content before processing or execution.
Audit Metadata