jj-update-pr
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local shell commands using jj (Jujutsu) and gh (GitHub CLI) to retrieve version control logs, diffs, and to update GitHub pull requests.
- [PROMPT_INJECTION]: The skill reads the output of jj diff and uses it to generate text, creating a vulnerability surface for indirect prompt injection where instructions embedded in code comments could manipulate the agent.
  - Ingestion points: Code diffs retrieved via jj diff -r in Step 5.
  - Boundary markers: Absent; there are no specific markers or instructions for the AI to ignore embedded content within the diff.
  - Capability inventory: Capability to modify pull requests via gh pr edit and update commit messages via jj describe.
  - Sanitization: No evidence of input validation or content filtering before the diff data is processed by the AI.
Audit Metadata