The Agent Skills Directory

[Data Exposure & Exfiltration] (HIGH): The Python script scripts/bulk-create.py reads a .env file from the filesystem to extract JIRA_EMAIL and JIRA_API_TOKEN. These credentials are used for Basic Authentication in requests to a user-configurable JIRA_BASE_URL, creating a risk of credential exposure or exfiltration if the environment variables are misdirected.
[Command Execution] (MEDIUM): The skill uses subprocess.run to execute git log. While the command parameters are fixed, this pattern allows the script to interact directly with the host's system binaries, which is a privileged operation.
[Indirect Prompt Injection] (LOW): The skill is vulnerable to indirect prompt injection because it ingests untrusted data from git history and uses it to populate Jira issue fields. 1. Ingestion points: get_git_commits() reads commit messages from the local repository history. 2. Boundary markers: Absent. Untrusted commit strings are interpolated directly into the JSON body for API requests. 3. Capability inventory: The script has the capability to perform authenticated POST and GET requests to the Jira API via the make_request function. 4. Sanitization: Commit summaries are truncated to 255 characters, but no escaping, validation, or structural filtering is performed on the content.

jira-agile