planning-jira-task
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The instructions in the orchestrator and subagents are strictly focused on task planning and data processing. No patterns attempting to override safety filters, bypass constraints, or extract system prompts were found.
- [DATA_EXFILTRATION]: No network-enabled tools or operations (e.g., curl, wget, fetch) are used. The skill is designed to write its artifacts to the local
docs/directory only. - [CREDENTIALS_UNSAFE]: The skill does not contain hardcoded API keys, tokens, or secrets. It references Jira ticket keys as identifiers but does not interact with external Jira APIs directly.
- [COMMAND_EXECUTION]: There is no evidence of arbitrary shell command execution, subprocess spawning, or dynamic script generation. The subagents use the agent's file-reading capabilities to inspect the codebase and write markdown files.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted input from
docs/<TICKET_KEY>-tasks.mdand project source code. While this presents an injection surface, the skill has no high-risk capabilities (like network access or code execution) to exploit, and it uses specific markdown headers as boundary markers to structure the input processing.
Audit Metadata