jobs-evaluate
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to download installation scripts from the developer's official repository (solid-company) on GitHub.
- [REMOTE_CODE_EXECUTION]: Provides commands to download and execute shell or PowerShell scripts directly from the developer's repository for the purpose of installing the sjctl utility.
- [COMMAND_EXECUTION]: Runs the sjctl CLI tool to retrieve JSON-formatted profiles and persist evaluation results; includes a fallback to run code via the Go compiler.
- [PROMPT_INJECTION]: Processes external data (job offers) and local profile data, which presents an attack surface for indirect prompt injection.
  - Ingestion points: Cached job offer data and sjctl profile JSON output.
  - Boundary markers: Uses a structured rubric for scoring and passes data to CLI tool arguments.
  - Capability inventory: Executes local binaries (sjctl) and developer tools (Go).
  - Sanitization: Data is handled through structured CLI flags and JSON parsing, limiting the impact of malicious content.
Audit Metadata