jj-megamerge
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill instructs the agent to read and interpret commit descriptions from the repository's history to determine the workflow state. If an attacker can control commit messages (e.g., via a pull request or shared repository), they could potentially embed instructions designed to influence the agent's actions.
- Ingestion points: The command
jj log -r 'closest_merge(@)' --no-graph -T 'description ++ "\n"'is used to ingest untrusted metadata into the agent's context (SKILL.md). - Boundary markers: There are no explicit delimiters or instructions provided to the agent to disregard natural language commands found within the commit description data.
- Capability inventory: The skill enables the agent to perform sensitive repository operations including
jj git push,jj abandon, andjj squash. - Sanitization: No sanitization or validation logic is defined to check the contents of the commit descriptions before they are processed by the agent.
Audit Metadata