jules

This skill is a usage/integration README that instructs users to install and use the Jules CLI to delegate coding tasks to a remote AI agent and to apply changes back to GitHub repositories. It does not contain obfuscated or directly malicious code, but it carries moderate supply-chain and data-exposure risk: installing and running a third-party CLI, sending repository context (diffs, commits, files) to an external service (jules.google.com), and automating application/commit/push of changes can expose source code, secrets, and credentials, and enables repository modification with limited human gating. If the Jules service or CLI were compromised, or if prompts include sensitive files, confidential data or credentials could be leaked or misused. Recommended mitigations: review and vet the @google/jules package before installation, avoid including secrets or sensitive files in the context/prompts, require human review before applying and pushing any automated changes, use least-privileged accounts for CI or automation, and audit network calls and tokens used by the CLI.