jujutsu
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides legitimate documentation and command examples for the Jujutsu (jj) version control system, facilitating repository management tasks.
- [COMMAND_EXECUTION]: The skill references standard
jjCLI commands (e.g.,jj commit,jj rebase,jj squash) for local version control operations. These commands are documented for educational purposes and align with the skill's intended use-case. - [EXTERNAL_DOWNLOADS]: The skill includes documentation for standard remote VCS operations such as
jj git fetch,jj git push, andjj git clone <url>. These are standard network functionalities for version control tools and do not involve suspicious third-party sources or automated script execution. - [PROMPT_INJECTION]: The skill is triggered by external project content such as
.jj/directories or README files. While this represents a theoretical surface for indirect prompt injection (Category 8), the skill serves as a reference guide for the agent rather than an automated execution engine for untrusted data. - Ingestion points: Analyzes project structure and README file content (SKILL.md).
- Boundary markers: None explicitly defined in instructions.
- Capability inventory: Execution of
jjCLI commands across all referenced files. - Sanitization: None specified for input project data.
Audit Metadata