jira-transitions

Pass

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: SAFE
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill ingests untrusted data from Jira issue fields such as summaries and statuses. While no execution logic is currently applied to this data, it represents a surface for potential injection if the agent interprets these fields as instructions.
    Evidence:
    1. Ingestion points: get_issue and get_transitions in scripts/workflow-demo.py and scripts/workflow-demo.mjs.
    2. Boundary markers: None present to delimit external data from instructions.
    3. Capability inventory: API calls to transition issue states and add comments.
    4. Sanitization: No escaping or validation of Jira response strings.
  • [Data Exposure] (LOW): The scripts access sensitive credentials (JIRA_API_TOKEN) from the environment. This is a best-practice implementation for the intended use case but necessitates secure handling of the execution environment by the user.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 20, 2026, 07:46 PM