Skills
skills/solid-company/solid-jobs-skills/jobs-digest/Gen Agent Trust Hub

jobs-digest

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFEREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill provides instructions to download and execute installer scripts from the vendor's official GitHub repository using piped shell commands.
  • Evidence: curl -fsSL https://raw.githubusercontent.com/solid-company/solid-jobs-skills/main/scripts/install-sjctl.sh | bash.
  • Evidence: irm https://raw.githubusercontent.com/solid-company/solid-jobs-skills/main/scripts/install-sjctl.ps1 | iex.
  • [EXTERNAL_DOWNLOADS]: Fetches the sjctl CLI tool and its installation scripts from external URLs associated with the skill's author.
  • Source: https://raw.githubusercontent.com/solid-company/solid-jobs-skills/.
  • [COMMAND_EXECUTION]: Core functionality depends on executing local shell commands through the sjctl CLI tool for syncing data and managing user profiles.
  • [PROMPT_INJECTION]: The skill processes job offer data from external sources, creating a surface for indirect prompt injection.
  • Ingestion points: External job data retrieved via sjctl sync --json.
  • Boundary markers: No markers or 'ignore' instructions are used to delimit external data.
  • Capability inventory: Execution of sjctl CLI commands.
  • Sanitization: No sanitization or validation of the ingested job content is performed.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 02:35 PM
Security Audit — agent-trust-hub — jobs-digest