jira
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill possesses an attack surface for indirect prompt injection because it ingests untrusted data from Jira.
- Ingestion points: Ticket descriptions, summaries, and comments retrieved via CLI (
jira issue view) or MCP (getJiraIssue) as detailed in SKILL.md and references/commands.md. - Boundary markers: No specific delimiters or 'ignore embedded instructions' warnings are used when interpolating issue content into the agent's context.
- Capability inventory: The skill can create, update, and transition tickets, which could be exploited if an attacker-controlled ticket contains malicious instructions.
- Sanitization: The skill mitigates this risk by explicitly requiring user approval for all write operations and fetching current state before any modification.
- [Command Execution] (SAFE): The skill utilizes the
jiraCLI and MCP tools for legitimate operations. Command construction follows established patterns and includes safety checks to prevent accidental execution of unintended commands. - [Data Exposure & Exfiltration] (SAFE): No evidence of hardcoded credentials, access to sensitive local system files (e.g., ~/.ssh), or data exfiltration to non-whitelisted domains was found.
- [Unverifiable Dependencies] (SAFE): While the skill references a third-party CLI (ankitpokhrel/jira-cli), it does not automate its installation via risky methods like piped shell scripts. It provides clear manual setup instructions for the user.
Audit Metadata