executing-jira-task
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection. It ingests untrusted data from Jira tickets and planning artifacts stored in the docs/ directory (e.g., ticket snapshots, briefs, and execution plans). There are no specified boundary markers or instructions to isolate or ignore embedded instructions within this data. This external content directly informs the actions of subagents like task-executor, which has the capability to execute shell commands. No sanitization of the input data is mentioned in the instructions.
- [COMMAND_EXECUTION]: The task-executor subagent (subagents/task-executor.md) is instructed to run 'relevant test commands' to verify implementation against the provided test specifications. While this is a functional requirement for the skill, it represents a risk as it provides a path for potential command execution if the input data (e.g., test specs) is compromised via indirect injection.
Audit Metadata