jira-sync
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes untrusted data from local markdown files in the plans/ directory and user arguments without sanitization. * Ingestion points: Reads contents from the most recently modified .md file in the plans/ folder and the $ARGUMENTS variable. * Boundary markers: None. The skill does not use delimiters or instructions to ignore embedded commands within the files it reads. * Capability inventory: The skill has access to Bash, Read, Glob, Grep, and JIRA API tools (mcp__atlassian__*), which allow for file system manipulation and outbound network requests. * Sanitization: Absent. An attacker who can influence the content of a project plan file could embed instructions that the agent might follow, such as using Bash to read sensitive files and posting them as JIRA comments.
- [Command Execution] (SAFE): The skill requests the Bash tool for routine tasks like searching and file parsing. While Bash is powerful, its intended use within the workflow for Grep and Glob operations is standard for development automation skills.
Audit Metadata