generate-status-report
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a robust security utility in
scripts/jql_builder.pywhich uses a strict regular expression whitelist (^[a-zA-Z0-9\s\-_.@]+$) to sanitize all user-provided inputs before they are used to construct JQL queries. This effectively mitigates JQL injection risks when querying Jira. - [SAFE]: The workflow follows the principle of least privilege and user oversight by explicitly requiring the agent to clarify scope and obtain confirmation before publishing or updating any Confluence pages.
- [SAFE]: Indirect prompt injection (Category 8) risk is effectively managed. While the skill ingests untrusted data from Jira issue summaries and descriptions (ingestion points in
searchJiraIssuesUsingJql), the impact is limited to the content of the formatted report. The skill's primary focus is report generation, and it includes mandatory interactive steps to confirm the target audience and destination, reducing the risk of the agent performing unauthorized actions based on embedded instructions. No specific boundary markers are used in the templates, but the agent's capability is restricted to standard documentation tools (createConfluencePage,updateConfluencePage).
Audit Metadata