jj-init
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local commands to manage Jujutsu repositories and configuration. Key operations include repository initialization with
jj git init --colocate, execution of a local Python audit script (scripts/audit_jj_config.py), and configuration updates viajj config set. The skill implements safety measures by displaying commands for user confirmation before execution and handles environment-specific permission requirements for configuration writes by suggesting escalation if standard writes fail. - [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection by processing local repository configuration data.
- Ingestion points: Configuration values are retrieved via
jj config listand parsed byscripts/audit_jj_config.py. - Boundary markers: The skill does not employ specific delimiters to isolate external configuration data from the summary instructions.
- Capability inventory: The agent has the capability to execute
jjcommands and modify local configuration files. - Sanitization: No explicit validation or sanitization is performed on the configuration values before they are summarized for the user.
- Note: While this ingestion of external data creates a potential injection surface where malicious configuration values could theoretically influence agent behavior, the risk is considered low and associated with the tool's primary purpose of auditing user-controlled settings.
Audit Metadata