jules
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Installs the Jules CLI utility from the '@google/jules' package on NPM. This is a trusted vendor resource from Google.
- [COMMAND_EXECUTION]: Employs standard developer tools including 'git' for repository management, 'npm' for package installation, and 'gh' for GitHub interaction. These commands are necessary for the skill's function of automating code tasks.
- [PROMPT_INJECTION]: Contains a surface for indirect prompt injection. The skill collects data from external sources like Pull Request titles and bodies and includes them in the prompts sent to the Jules AI agent.
- Ingestion points: Reads Pull Request information using 'gh pr view' and local code changes using 'git diff' in files such as SKILL.md.
- Boundary markers: Absent; external data is concatenated directly into task instructions without delimiters.
- Capability inventory: The skill has the ability to install software via NPM, modify the local file system using 'jules remote pull --apply', and perform remote repository operations like 'git push' and 'gh pr create'.
- Sanitization: None; external input is interpolated directly into instructions without filtering or escaping.
Audit Metadata