jules

[Skill Scanner] Installation of third-party script detected This skill is consistent with its stated purpose (delegating GitHub coding tasks to the Jules AI via its CLI). I found no obfuscated or clearly malicious code, no hardcoded secrets, and no unexpected external hosts. The main security consideration is that repository content and context are sent to the external Jules service (jules.google.com) and the workflow requires write/push permissions to the GitHub repo; that behavior is expected but poses an exposure risk if the service or credentials are compromised or if sensitive files are unintentionally uploaded. Recommend verifying trust in the Jules service, limiting credentials/permissions to the minimum required, and excluding sensitive files from tasks. LLM verification: This skill's capabilities are consistent with its stated purpose: it legitimately needs access to git metadata, repo files, and the ability to apply and push changes to implement automated task delegation to the Jules agent. There is no evidence of obfuscation, hardcoded secrets, or malicious code in this SKILL.md text. The primary security concern is expected and inherent: it sends repository context and task prompts to an external service (Google Jules) and can automatically apply and push cod