jira-builders
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill facilitates the ingestion of data from external Jira tickets through commands like jira-tool get and jira-tool search. If a ticket contains malicious instructions, they could influence the agent's subsequent actions.
  - Ingestion points: External ticket data is retrieved into the agent context in SKILL.md and QUICK_REFERENCE.md.
  - Boundary markers: There are no explicit delimiters or instructions provided to the agent to disregard instructions embedded within the Jira content.
  - Capability inventory: The skill uses subprocess.run and shell scripting to execute commands and process files.
  - Sanitization: No evidence of sanitization or escaping of the retrieved ticket content is present in the provided instructions.
- [COMMAND_EXECUTION]: The skill's primary function is achieved through the execution of the jira-tool CLI and shell utilities like jq and cat via the command line.
- [DATA_EXFILTRATION]: The skill provides commands for exporting Jira data to local files (jsonl, csv, json), which involves the transfer of data from a remote platform to the local filesystem for processing.
- [PERSISTENCE_MECHANISMS]: The instructions suggest modifying shell profiles (~/.bashrc, ~/.zshrc) to store environment variables such as JIRA_API_TOKEN to ensure configuration persistence across shell sessions.
- [DATA_EXPOSURE]: The troubleshooting section mentions echoing the JIRA_API_TOKEN, which can lead to sensitive credentials being recorded in shell history or visible in shared environments, though it includes a warning regarding shared terminals.
Audit Metadata