using-jj-workspaces
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill executes shell commands to automate development workflows, including workspace management and environment setup.
- Evidence: Invokes
jj workspace add,npm install,cargo build, and various test runners based on project detection. - [EXTERNAL_DOWNLOADS] (LOW): Triggers external network requests to download project dependencies.
- Evidence: Uses
npm,yarn,pnpm,go mod download, andbundle installto fetch packages from public registries. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill is susceptible to indirect injection because it bases execution logic on the contents of untrusted project files.
- Ingestion points:
package.json,Cargo.toml,pyproject.toml,flake.nix,Gemfile, andgo.mod. - Boundary markers: Absent; the skill blindly trusts the existence of these files to determine which commands to run.
- Capability inventory: Full command execution (install, build, test) and file modification capabilities.
- Sanitization: Absent; the skill relies on the underlying package managers to handle potentially malicious configuration files.
- [DATA_EXPOSURE] (SAFE): Includes a mandatory security check to prevent sensitive workspace data from being tracked by version control.
- Evidence: Instructions require adding the workspace directory to
.gitignoreor.jjignorebefore creating the workspace.
Audit Metadata