jira-ticket-viewer
Fail
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: HIGH
CREDENTIALS_UNSAFE, DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The `scripts/download-attachment.js` script reads the Jira CLI configuration file located at `~/.config/.jira/.config.yml` to extract user login information.
- [DATA_EXFILTRATION]: The `download-attachment.js` script includes the `JIRA_API_TOKEN` in the `Authorization` header when requesting attachment URLs and persists this sensitive header across HTTP redirects, potentially leaking credentials to untrusted third-party servers.
- [COMMAND_EXECUTION]: The execution steps in `SKILL.md` construct shell commands using the `OUT_DIR` variable inferred from user arguments without explicit sanitization, which could lead to command injection if the directory path contains shell metacharacters.
- [PROMPT_INJECTION]: The skill processes untrusted Jira ticket content (descriptions and comments) which can be used to perform indirect prompt injection attacks against the agent.
  - Ingestion points: Untrusted ticket metadata is processed by `scripts/parse-ticket.js` and `scripts/download-attachment.js` as defined in `SKILL.md`.
  - Boundary markers: The instructions lack delimiters or explicit warnings to the model to treat the ticket content as untrusted data.
  - Capability inventory: The skill has the ability to execute Bash commands, write to the file system, and make network requests via Node.js scripts.
  - Sanitization: There is no evidence of content sanitization or validation before the data is processed or summarized.
Recommendations
- AI detected serious security threats
Audit Metadata