jules

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill defines workflows that ingest untrusted data from pull requests and local git repositories to provide context for the AI agent.
      • Ingestion points: Data from gh pr view (titles, bodies, files) and git diff is interpolated into prompts for the jules new command.
      • Boundary markers: None; external content is included directly in the task description without delimiters.
      • Capability inventory: The jules CLI has the ability to apply code changes locally, clone repositories, and interact with the remote Jules service.
      • Sanitization: The ingested data is not validated or escaped before being processed by the AI.
  • [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: The skill instructs the user to install a specific package from the npm registry.
      • Evidence: npm install -g @google/jules
      • Context: The package is an official tool for the Google Jules service and is essential for the functionality described in the skill.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 15, 2026, 02:03 PM