jira-issue-management
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to retrieve and display full details of JIRA issues (summaries and descriptions), which are untrusted external inputs. If an issue contains malicious instructions, the agent might inadvertently execute them.
  - Ingestion points: Data enters the agent context through the `jira-as issue get` command mentioned in `SKILL.md`.
  - Boundary markers: There are no instructions in `SKILL.md` to wrap the retrieved JIRA content in delimiters or to warn the agent to ignore embedded instructions.
  - Capability inventory: The skill is granted `Bash`, `Read`, `Glob`, and `Grep` tool access in the YAML frontmatter of `SKILL.md`.
  - Sanitization: No sanitization or validation of the JIRA issue content is performed before it is presented to the agent.
- [Persistence Mechanisms] (SAFE): The documentation in `SKILL.md` suggests that users add `eval` commands to their shell configuration files (`.bashrc`, `.zshrc`) to enable shell completion. While this is a common pattern for CLI tools, it is a manual user action and not an automated persistence attempt by the skill itself.
- [Command Execution] (SAFE): The skill uses a custom CLI tool `jira-as`. This is expected behavior for a JIRA management skill and is restricted to the tools explicitly allowed in the metadata.
Audit Metadata