jira-agile-assistant
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONDATA_EXFILTRATIONNO_CODE
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is vulnerable to instructions embedded in external data it processes. 1. Ingestion points: Untrusted data enters via the 'input' JSON file and external outputs from GitHub PRs and requirements tools mentioned in capabilities. 2. Boundary markers: No markers or delimiters are defined to separate system instructions from processed data. 3. Capability inventory: The skill performs sensitive write operations (create/update issues) on Jira Cloud and On-prem environments. 4. Sanitization: No sanitization or validation of external content is specified in the skill definition.
- Data Exfiltration (MEDIUM): An attacker could potentially use injected instructions to leak Jira ticket contents or project data by manipulating the 'out' argument or syncing ticket data to unauthorized locations.
- No Code Provided (INFO): The analysis is performed based on the provided markdown and package metadata; the underlying implementation scripts were not included in the source for verification.
Recommendations
- AI detected serious security threats
Audit Metadata