jira-expert
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION] (HIGH): Indirect Prompt Injection Surface Detected. The skill is designed to interact with and process external data from Jira (issues, comments, and descriptions) which acts as an untrusted input source. (1) Ingestion points: Jira issue descriptions, summaries, and comments retrieved via JQL queries as described in SKILL.md and references/jql-examples.md. (2) Boundary markers: No specific delimiters or instructions to ignore embedded commands are present in the provided templates. (3) Capability inventory: The skill utilizes a Jira MCP server to perform high-privilege actions including project creation, status/field updates, and workflow/automation configuration. (4) Sanitization: There is no evidence of sanitization or filtering of external Jira content before it is processed by the agent.
- [DATA_EXFILTRATION] (MEDIUM): External Integration Templates. The references/automation-examples.md file contains templates for configuring Jira automation to send internal data (issue keys, summaries, reporter names, assignee email addresses, and comment bodies) to external webhooks (GitHub API, Slack) and email addresses. While these are common integration patterns, they provide a pre-configured vector for data exfiltration if the automation rules are triggered by malicious content or mismanaged.
Recommendations
- AI detected serious security threats
Audit Metadata