code-plan
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
jj diffcommand to analyze code changes, leveraging the Jujutsu version control system as part of its core planning process. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it evaluates potentially untrusted data from the local repository and the web.
- Ingestion points: Untrusted data enters the context through local file reading via
jj diffand external web content viaWebSearchandWebFetchtools. - Boundary markers: The skill lacks explicit boundary markers or instructions to the agent to ignore embedded commands within the analyzed data.
- Capability inventory: The skill can spawn subagents (
code-architect,security-researcher,simplicity-reviewer,code-researcher) to process the ingested information. - Sanitization: No sanitization or validation of the input data is performed before it is used for synthesis.
Audit Metadata