agentic-jujutsu
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs shell-level version control operations such as git push, commit, and branch management via the
jj.executemethod andJjWrapperAPI. - [EXTERNAL_DOWNLOADS]: Fetches the
agentic-jujutsupackage and its dependencies (e.g.,@qudag/napi-core) from the NPM registry, which is a well-known package service. - [REMOTE_CODE_EXECUTION]: Utilizes
npx agentic-jujutsuto download and execute the package logic directly from the remote NPM registry during setup. - [PROMPT_INJECTION]: Implements an indirect prompt injection surface through its 'ReasoningBank' self-learning loop.
- Ingestion points: Untrusted task descriptions enter the context via
jj.startTrajectory(task)andjj.getSuggestion(task)inSKILL.mdandreferences/capabilities-and-api.md. - Boundary markers: None identified in the provided documentation or code snippets.
- Capability inventory: The skill can execute shell commands (
jj.execute), create branches, and manage commits. - Sanitization: No explicit sanitization or validation of the input task descriptions is shown before they influence the
getSuggestionoutput used for subsequent operations.
Audit Metadata