jira-auth

Pass

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: SAFE
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill possesses a surface for indirect prompt injection as it creates Jira issues using external input (e.g., commit messages) which may be read by other automated agents or users.
      • Ingestion points: testCreateIssue in both test.mjs and test.py take summary and description parameters.
      • Boundary markers: No specific delimiters or instruction-ignore warnings are present in the implementation templates.
      • Capability inventory: Network operations via fetch (Node.js) and urlopen (Python) to the Jira REST API.
      • Sanitization: No sanitization or validation of the input strings is performed before they are sent to the Jira API.
  • [Data Exposure & Exfiltration] (SAFE): The skill requires sensitive credentials (JIRA_API_TOKEN). The provided test scripts include debug logging that prints the first and last 10 characters of the token. While not a direct exfiltration, logging portions of secrets is a poor security practice. The example token in SKILL.md is a truncated placeholder and does not constitute a credential leak.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 20, 2026, 07:46 PM