justfile-author
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFE | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The Makefile template includes a command to download and execute the official installation script for the just task runner from the official domain at https://just.systems/install.sh.
- [COMMAND_EXECUTION]: Automates the setting of executable permissions using chmod +x for generated service scripts and executes local validation commands including just --list and make help to verify the success of the scaffolding process.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting data from project configuration files and interpolating it into generated shell scripts and justfile recipes.
  - Ingestion points: Project configuration files such as package.json, Cargo.toml, pyproject.toml, and go.mod.
  - Boundary markers: None present in the generated templates to delimit external data from instruction blocks.
  - Capability inventory: File system writes, permission modification via chmod, and local command execution of just and make.
  - Sanitization: Basic slug normalization (lowercase and underscore replacement) is applied to project titles, but command strings from scripts are interpolated without specific escaping.
Audit Metadata