jira-sync

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM

CREDENTIALS_UNSAFE, DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE] (MEDIUM): The skill instructs the agent to prompt users for JIRA API tokens and emails, subsequently writing these secrets into a .env file in plaintext. Storing secrets in files accessible to the agent increases the risk of accidental exposure or misuse.
  • [DATA_EXFILTRATION] (MEDIUM): The skill reads stored secrets from the .env file and transmits them via curl to a user-defined JIRA domain. While the domain is partially validated to end in atlassian.net, this pattern creates a vector for potential credential exfiltration if the domain variable is manipulated.
  • [COMMAND_EXECUTION] (LOW): The skill relies on the Bash tool to perform file operations and network requests. While aligned with its purpose, these capabilities provide an attack surface for command injection if input validation is bypassed.
  • [PROMPT_INJECTION] (LOW): The skill processes untrusted user inputs (domain, email, token) and interpolates them into Bash scripts. Although regex validation is present, the lack of robust sanitization or boundary markers creates a surface for indirect prompt injection. Mandatory Evidence Chain for Category 8:
      1. Ingestion points: User-provided credentials and domain strings via chat interaction (SKILL.md).
      2. Boundary markers: Absent.
      3. Capability inventory: Bash tool used for file writing, grep extraction, and curl requests (SKILL.md).
      4. Sanitization: Basic regex validation for email format and domain suffix (SKILL.md).
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:03 PM