code-commit
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local
jj(Jujutsu) commands to manage version control tasks. This includes viewing status (jj diff -s), inspecting history (jj log), and applying changes (jj describe, jj split). These commands are standard for the tool and limited to the user's repository context. - [PROMPT_INJECTION]: The agent processes untrusted content from the repository, specifically code diffs and previous commit messages, to generate summaries. While this represents a potential surface for instructions embedded in code, the impact is limited to the generation of commit messages within the local version control environment.
- Ingestion points: Output from jj diff and jj log commands (SKILL.md).
- Boundary markers: Not present.
- Capability inventory: File system access via Jujutsu for version control operations only. No network access or administrative commands detected.
- Sanitization: Not present.
Audit Metadata