planning-jira-tasks
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it consumes untrusted data from Jira ticket snapshots at docs/<TICKET_KEY>.md. If a ticket contains adversarial instructions in its description or comments, it could influence the subagents' planning output.
  - Ingestion points: docs/<TICKET_KEY>.md is read by multiple subagents including task-planner, task-validator, and stage-validator.
  - Boundary markers: The instructions lack explicit delimiters or 'ignore embedded instructions' warnings for the ticket content.
  - Capability inventory: The skill utilizes file read/write operations via agent tools but does not invoke subprocesses or network operations.
  - Sanitization: No sanitization or validation of the text within the ticket snapshot is performed beyond structural presence checks.
Audit Metadata