qe-agentic-jujutsu
Warn
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions specify installing core components from the public NPM registry using npx agentic-jujutsu.
- [REMOTE_CODE_EXECUTION]: The use of npx facilitates the download and immediate execution of remote scripts from a public repository.
- [COMMAND_EXECUTION]: The skill exposes a jj.execute() method for running arbitrary shell commands, such as git push or merge, which provides a direct vector for system-level operations.
- [PROMPT_INJECTION]: The skill's 'ReasoningBank' feature introduces an indirect prompt injection surface.
  Ingestion points: Untrusted data enters the system through task descriptions and critiques in jj.startTrajectory() and jj.finalizeTrajectory().
  Boundary markers: No delimited boundaries or safety instructions are present to prevent the AI from interpreting user-provided data as commands.
  Capability inventory: The skill can execute shell commands and operations provided by its AI engine.
  Sanitization: No validation or filtering is performed on AI-suggested operations before execution.
- [COMMAND_EXECUTION]: The documentation demonstrates a pattern where the agent iterates over and automatically executes strings returned from an AI suggestion engine, which could result in the execution of malicious commands if the learning trajectories are poisoned by an attacker.
Audit Metadata