Skills
skills/danverbraganza/jujutsu-skill/jujutsu/Gen Agent Trust Hub

jujutsu

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill metadata uses authoritative directives ('REQUIRED
  • Always activate FIRST', 'DO NOT IGNORE') to override the agent's default tool selection logic and prioritize its instructions.\n- [PROMPT_INJECTION]: Indirect Prompt Injection Surface:\n
  • Ingestion points: The skill instructs the agent to read repository history and commit content using jj log, jj show, and jj diff (SKILL.md).\n
  • Boundary markers: No delimiters or safety instructions are defined to separate the untrusted repository data from the agent's internal instructions.\n
  • Capability inventory: The agent has access to jj via Bash(jj *), which enables both local file mutations and network operations like git fetch and git push (SKILL.md).\n
  • Sanitization: The skill lacks sanitization or validation logic for the content retrieved from the VCS history.
Audit Metadata
Risk Level
SAFE
Analyzed
May 4, 2026, 05:49 AM