jira-bulk-operations
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (MEDIUM): Inconsistent instructions and missing script dependencies. The SKILL.md manifest explicitly forbids running Python scripts directly, yet all documentation files (QUICK_START.md, CHECKPOINT_GUIDE.md, OPERATIONS_GUIDE.md, etc.) instruct the agent to execute specific Python files (e.g., python bulk_transition.py). Since these scripts are not provided within the skill distribution, an agent following the documentation could be induced to execute untrusted local files if they are placed in the workspace by an attacker.
- PROMPT_INJECTION (LOW): High surface area for Indirect Prompt Injection (Category 8).
  - Ingestion points: The skill processes potentially untrusted data from JIRA issue fields (summaries, comments, descriptions) via JQL searches.
  - Boundary markers: No specific delimiters or instructions are provided to help the agent distinguish between data and control instructions.
  - Capability inventory: The skill possesses the Bash tool and the ability to perform mass transitions and deletions.
  - Sanitization: There is no evidence of sanitization or validation of the ingested JIRA data before it is handled by the agent.
- COMMAND_EXECUTION (MEDIUM): Irreversible destructive capabilities. The skill includes a bulk delete operation which is explicitly marked as permanent and irreversible. Without strict input validation or boundary markers for the JQL queries that drive this tool, there is a risk of mass data loss via adversarial manipulation of the issue search criteria.
Audit Metadata