jam
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses common system tools such as curl, jq, grep, awk, and tr to manage API sessions and process JSON responses.
- [DATA_EXFILTRATION]: Communicates with the official domains jam.dev and mcp.jam.dev to exchange bug reporting data. All network operations are directed to the platform's legitimate API.
- [PROMPT_INJECTION]: The skill facilitates the ingestion of untrusted data from external sources, presenting a surface for indirect prompt injection.
- Ingestion points: Retrieves console logs, network request details, user events, and video transcripts from bug reports (SKILL.md).
- Boundary markers: No explicit delimiters are present to isolate the ingested content from the agent's instructions.
- Capability inventory: Executes shell commands, performs network requests via curl, and writes to temporary files (SKILL.md).
- Sanitization: No input sanitization or validation is applied to the ingested data before it is processed by the agent.
Audit Metadata