jira-developer-integration
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFENO_CODE
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes external, potentially untrusted data from Git commit messages and JIRA issue descriptions.
- Ingestion points:
git logoutput, JIRA issue summaries, and commit messages parsed viajira-as dev parse-commits. - Boundary markers: Absent; there are no explicit delimiters or instructions to ignore embedded commands in the processed data.
- Capability inventory: Uses the
Bashtool to execute thejira-asCLI which performs network operations (JIRA API) and local Git analysis. - Sanitization: No sanitization or validation logic is defined in the skill markdown.
- Dependency Analysis (SAFE): The skill relies on an external CLI tool
jira-as. While the source of this tool is not specified, the skill itself does not contain code to download or install it from untrusted sources.
Audit Metadata