jira
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill primarily functions by executing the `af jira` command-line tool. This includes commands that perform read and write operations on a Jira instance based on user or external input.
- [DATA_EXFILTRATION]: The `af jira attach` command allows for the uploading of local files to a remote Jira server. While this is a standard feature for Jira management, it presents an exfiltration vector if an agent is manipulated into uploading sensitive system files (e.g., `.env` files, SSH keys, or configuration data) to a Jira issue.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes content from an external source (Jira) that could contain malicious instructions.
  - Ingestion points: The skill retrieves untrusted data from Jira through operations like `af jira get`, `af jira list`, `af jira search`, and `af jira comment`. This data includes issue summaries, descriptions, and comments.
  - Boundary markers: There are no specified delimiters or system instructions defined within the skill to distinguish between administrative instructions and the data retrieved from Jira.
  - Capability inventory: The skill possesses significant capabilities, including creating, updating, and deleting Jira resources, as well as the ability to transmit local files to a remote network endpoint.
  - Sanitization: The skill description does not include any mechanisms for sanitizing or validating the content retrieved from Jira before it is interpreted by the agent.