jira-workflow
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes content from external Jira ticket descriptions to generate tasks and subtasks.
- Ingestion points: Jira Epic and PROD ticket descriptions (referenced in references/build-description.md).
- Boundary markers: Absent; the instructions do not specify delimiters or warnings to ignore instructions within the ingested ticket data.
- Capability inventory: The skill uses the Atlassian MCP tool for Jira ticket creation and updates and performs local filesystem exploration to analyze code structures (SKILL.md, references/build-description.md).
- Sanitization: Absent; no logic is provided to sanitize or escape data extracted from Jira tickets before it is used to generate new content.
- Mitigation: The skill incorporates mandatory user confirmation steps before creating or updating any tickets, which serves as a security checkpoint.
- [COMMAND_EXECUTION]: The skill performs automated directory and file exploration of the local codebase to generate technical specifications. This is a primary functional requirement of the tool and is intended for technical documentation.
- [DATA_EXFILTRATION]: The skill reads local source code and Jira ticket data. Although it processes this information, it is only transmitted to the connected Jira instance via the Atlassian MCP tool after explicit user approval of the generated content.
Audit Metadata