jira-ticket-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection through user-supplied data.
  - Ingestion points: User-provided `summary` and `description` fields are processed by the agent and passed to the `jira` command in `SKILL.md` and `scripts/create_ticket.py`.
  - Boundary markers: The prompt instructions do not include delimiters or specific warnings to ignore embedded instructions within the user input.
  - Capability inventory: The skill has the capability to execute shell commands (`jira-cli`) and write data to an external Jira instance via `scripts/create_ticket.py`.
  - Sanitization: No explicit sanitization or filtering of the ticket content is performed before interpolation into the command structure.
- COMMAND_EXECUTION (SAFE): The skill uses `subprocess.run` with an argument list in `scripts/create_ticket.py`, which is the recommended practice to prevent shell injection. Documentation examples also use quoted shell variables to mitigate basic command injection risks.
Audit Metadata