jira
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [Command Execution] (LOW): The skill executes local shell commands via the `jira` CLI. While it implements a 'fetch-before-modify' workflow and requires user approval for transitions and creations, the dynamic assembly of command strings based on user input and ticket data is an inherent capability surface.
- [External Downloads] (LOW): The skill directs users to install the `jira-cli` utility from `ankitpokhrel/jira-cli`. This is an external community repository not included in the pre-approved trusted source list.
- [Indirect Prompt Injection] (LOW): The skill processes untrusted data (descriptions, summaries, and comments) from Jira tickets. Evidence Chain:
  - Ingestion points: Data enters the context via the `jira issue view`, `jira issue list`, and `mcp__atlassian__getJiraIssue` tools.
  - Boundary markers: The prompt lacks explicit structural delimiters for external data, though it uses procedural boundaries like showing 'current vs proposed' state.
  - Capability inventory: Includes subprocess execution (`jira` CLI), file writing (`/tmp/jira_body.md`), and network operations through the Jira API/MCP.
  - Sanitization: The skill relies on human-in-the-loop approval as the primary sanitization/validation mechanism for all write operations.
Audit Metadata