acli-jira

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill processes untrusted data from Jira tickets and local configuration files, which could contain malicious instructions designed to influence the agent's behavior.
      • Ingestion points: Reading Jira ticket summaries, descriptions, and comments via 'acli jira workitem view/search/comment list', and reading the local configuration file at '~/.config/opencode/skills/acli-jira/boards.md'.
      • Boundary markers: Absent. The skill instructions do not provide delimiters or specific warnings to the agent to disregard instructions embedded in the processed data.
      • Capability inventory: The agent can execute 'acli' system commands to create, edit, transition, and assign Jira tickets, as well as browse project and board data.
      • Sanitization: Absent. External data from ticket content or the config file is interpolated into commands without validation or escaping.
  • Command Execution (LOW): The skill relies on executing the 'acli' command-line tool. While these commands are specific to Jira management, they involve system subprocess calls and network activity.
  • Data Exposure & Exfiltration (LOW): The skill performs network operations to Jira Cloud (a non-whitelisted domain) via the 'acli' tool to search and view ticket information.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:21 PM