jira
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is susceptible to Indirect Prompt Injection because it processes untrusted external content and possesses extensive capabilities to modify the environment.
- Ingestion points: The
scripts/jira-api.pyscript retrieves summaries, descriptions, and comments from Jira issues, which are external sources that can be controlled by malicious actors. - Boundary markers: Absent. There are no delimiters or instructions to the agent to treat API responses as untrusted data, increasing the likelihood that the agent will follow instructions embedded within the Jira content.
- Capability inventory: The script
scripts/jira-api.pyacts as a full-featured REST client, allowing the agent to execute any HTTP method (GET, POST, PUT, DELETE) on any Jira API v3 endpoint. This provides the agent with the power to not only update issues but also delete data or change project settings. - Sanitization: No sanitization or validation is performed on the data fetched from the API before it is passed back to the agent.
Recommendations
- AI detected serious security threats
Audit Metadata