Skills
NYC
skills/sanjay3290/postgres-skill/jules/Gen Agent Trust Hub

jules

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill installs the @google/jules package globally via npm. Because '@google' is a trusted organization, this finding is downgraded to LOW per the trust-scope rules.
  • [COMMAND_EXECUTION] (LOW): The skill executes multiple bash commands to automate coding tasks, including git, gh (GitHub CLI), and the jules CLI. This includes the jules remote pull --apply command which modifies local source code with AI-generated changes.
  • [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) by interpolating untrusted data into AI prompts.
  • Ingestion points: Content from git diff, git log, and gh pr view (pull request title/body/files) is piped into the jules new command.
  • Boundary markers: None. The context is simply appended to the prompt string (e.g., Context: branch=$BRANCH...).
  • Capability inventory: The skill can install packages, modify the local filesystem, and commit/push to git repositories.
  • Sanitization: No sanitization or escaping is performed on the data retrieved from git or GitHub before being sent to the AI.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 19, 2026, 11:36 AM