jira-read-ticket
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it retrieves content from external Jira tickets (descriptions and comments) which are untrusted data sources.
  - Ingestion points: `scripts/fetch_comments.py` and `scripts/fetch_description.py` fetch ticket content via the Jira API.
  - Boundary markers: The skill does not implement boundary markers or instructions to the agent to treat the fetched content as untrusted data.
  - Capability inventory: The skill possesses network communication capabilities and provides instructions for shell command execution.
  - Sanitization: While `scripts/jira.py` performs markdown formatting, it does not sanitize the input for potential malicious instructions or prompt injection patterns.
- [COMMAND_EXECUTION]: The `SKILL.md` file encourages the agent to use `curl` and `jq` to interact with the Jira REST API, providing examples that use environment variables for authentication.
- [DATA_EXFILTRATION]: The skill performs network operations using `urllib.request` in its Python scripts and suggests `curl` commands to interact with external Atlassian Cloud instances based on the user-provided `ATLASSIAN_URL` environment variable.
Audit Metadata