Skills
skills/dawiddutoit/custom-claude/jira-api/Gen Agent Trust Hub

jira-api

Pass

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill facilitates the retrieval and processing of data from external Jira issues, which creates a surface for indirect prompt injection.
  • Ingestion points: Untrusted data enters the agent context through API calls such as client.get_issue and client.search_issues as documented in SKILL.md.
  • Boundary markers: The instructions do not define boundary markers or delimiters to isolate retrieved external content from the agent's instructions.
  • Capability inventory: The skill allows the use of Bash, WebFetch, and Read tools, which provides a significant capability surface if an attacker successfully injects instructions into Jira content.
  • Sanitization: The documentation and code examples do not include logic for sanitizing or validating external content before processing.
  • [COMMAND_EXECUTION]: Scenario 7 in examples/examples.md provides an example of running a Flask web server using app.run(port=5000). While illustrative for a webhook, this pattern involves opening local network ports, which can be misused or lead to unintended exposure.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 24, 2026, 05:24 PM