jira-tool
Warn
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script scripts/jira-tool.sh constructs JSON payloads for several commands (e.g., cmd_comment, cmd_create, cmd_assign) by directly interpolating shell variables. Without consistent escaping for characters like double quotes, this can result in malformed JSON or the injection of additional fields into Jira API requests.
- [COMMAND_EXECUTION]: The script invokes local browser openers such as open or xdg-open using URLs dynamically parsed from cloudflared output during the authentication flow.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its handling of external data.
  - Ingestion points: Issue summaries, descriptions, and comments are retrieved from jira.cfdata.org via the get and search commands.
  - Boundary markers: No delimiters or safety instructions are applied to the retrieved content to prevent the agent from interpreting it as instructions.
  - Capability inventory: The skill has broad capabilities to modify the Jira environment, including creating, updating, and deleting issues.
  - Sanitization: There is no sanitization or validation of data retrieved from Jira before it is processed by the agent.
Audit Metadata