code-explain
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the
jj diff -scommand to determine which files have changed. This uses the Jujutsu (jj) version control tool, which is a standard developer utility. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). 1. Ingestion points: The skill reads local code files, diff output, and external documentation via WebSearch and WebFetch. 2. Boundary markers: No delimiters or protective instructions are used when interpolating external content into the agent context. 3. Capability inventory: Includes system command execution (jj), file system access, network requests, and the ability to spawn sub-agents (code-researcher, code-architect). 4. Sanitization: No evidence of validation or filtering of ingested content before it is processed by the language model.
Audit Metadata