jira-automation
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (LOW): The skill directs the agent to connect to an external MCP server at https://rube.app/mcp. This endpoint provides the underlying tool logic and is not on the trusted sources list. The severity is lowered as this is the primary intended mechanism for the skill.
- Indirect Prompt Injection (LOW): The skill creates an attack surface by reading Jira data (issues, comments) that can be manipulated by external actors to include malicious instructions.
- Ingestion points: Jira content fetched through tools like JIRA_GET_ISSUE and JIRA_SEARCH_FOR_ISSUES_USING_JQL_POST.
- Boundary markers: The skill lacks delimiters or explicit instructions to ignore commands within retrieved data.
- Capability inventory: The agent has permissions for impactful actions like JIRA_EDIT_ISSUE and JIRA_ADD_USERS_TO_PROJECT_ROLE.
- Sanitization: No data sanitization or validation is implemented for retrieved content.
- Data Exposure & Exfiltration (SAFE): The skill uses OAuth-based connection management via RUBE_MANAGE_CONNECTIONS, avoiding hardcoded credentials.
Audit Metadata