jira (skills/goofansu/pi-stuff/jira)

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION

Full Analysis
  • [COMMAND_EXECUTION]: The skill exposes a wide range of functional commands through the Atlassian CLI (acli). This allows the agent to perform administrative and destructive actions such as deleting projects (acli jira project delete), trashing custom fields (acli jira field delete), and archiving work items. While these are intended features, they represent a high capability tier that could be misused if the agent is manipulated.
  • [DATA_EXFILTRATION]: Numerous commands support reading content from local files via flags such as --from-file, --body-file, --from-json, and --from-csv. This functionality presents a risk of local data exposure if an attacker provides a path to sensitive files (e.g., SSH keys or configuration files), which the agent might then upload as Jira comments or issue descriptions.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). It frequently ingests untrusted data from Jira, such as issue summaries, descriptions, and comments. Maliciously crafted Jira tickets could contain instructions designed to hijack the agent's logic when it views or searches for these items. The skill lacks explicit boundary markers or sanitization instructions for processing this external data.
  • [CREDENTIALS_UNSAFE]: The authentication reference (JIRA_AUTH.md) describes methods for non-interactive login using email and API tokens. While it suggests piping the token or reading from a file, this process involves handling highly sensitive credentials within the command-line context.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 12, 2026, 09:56 PM