jules
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Installs the @google/jules CLI package globally via npm to enable interaction with the Jules AI agent.
- [COMMAND_EXECUTION]: Executes various local shell commands for git operations, GitHub CLI interactions, and session monitoring as part of its core functionality.
- [PROMPT_INJECTION]: Processes external data such as git logs, file diffs, and GitHub pull request information to provide context to the Jules AI agent. This establishes an indirect prompt injection surface where malicious content within a repository or PR could attempt to influence the AI's instructions.
- Ingestion points: Reads repository state via git diff, git log, and gh pr view commands.
- Boundary markers: None visible; repository metadata is interpolated directly into prompt strings.
- Capability inventory: The skill can modify the local filesystem, commit changes, and push to remote branches via the Jules CLI and git.
- Sanitization: No sanitization is performed on the ingested metadata before it is sent to the AI service.
Audit Metadata