design-jira-state-analyzer
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of `pandas` and an external CLI tool named `jira-tool` to perform analysis operations.
- [COMMAND_EXECUTION]: Examples provided in the documentation use shell-based command execution via `uv run` and Python heredocs to aggregate data.
- [PROMPT_INJECTION]: The skill ingests external data from workflow logs, which presents a risk of indirect prompt injection.
  - Ingestion points: Processes Jira changelogs and GitHub PR timelines extracted from external JSON files or API responses.
  - Boundary markers: No specific boundary markers or instructions are defined to distinguish external data content from agent instructions.
  - Capability inventory: The skill facilitates network requests to the Jira API and file system operations (read/write) for analysis reports.
  - Sanitization: The implementation is focused on temporal calculations and does not perform sanitization on string fields (like status names or author labels) found in external logs.
Audit Metadata