todo
Warn
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
- Command Execution (MEDIUM): The skill dynamically constructs and executes bash commands using variables like `$key`, `$PR_NUMBER`, and `$REPO`, which are extracted from external sources (Jira, GitHub). This presents a command injection risk if the source metadata is maliciously formatted to include shell metacharacters.
  - Evidence: Execution steps 3a and 3d use variables directly in bash calls: `acli jira workitem view $key` and `gh pr view $PR_NUMBER --repo $REPO`.
- Prompt Injection (LOW): The skill demonstrates a high vulnerability surface for Indirect Prompt Injection (Category 8) by ingesting untrusted content from multiple external platforms.
  - Ingestion points: Jira issue descriptions, Jira comments, Confluence pages, Slack search results, and GitHub PR bodies.
  - Boundary markers: None identified. External content is interpolated directly into the briefing presentation.
  - Capability inventory: The skill has permission to execute shell commands, write to the filesystem, and access Atlassian/Slack MCP tools.
  - Sanitization: No sanitization or validation of the ingested strings is performed before processing or display.
- Credentials Unsafe (LOW): Sensitive credentials (`$JIRA_API_TOKEN`) are passed directly via command-line arguments in `curl` requests. This can lead to credential exposure in system process listings or shell history.
  - Evidence: `curl -L -u "$JIRA_EMAIL:$JIRA_API_TOKEN" ...` in Step 3a.