jira-lifecycle-management

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The skill requires the Bash tool to execute jira-as commands. Many commands involve string interpolation of user-provided data or JIRA-sourced strings (e.g., status names, project IDs, and JSON field values). This presents a potential surface for command parameter injection if inputs are not properly sanitized by the underlying agent or CLI tool.
  • [CREDENTIALS_UNSAFE] (LOW): The 'Configuration' section explicitly requests sensitive credentials (JIRA_API_TOKEN, JIRA_EMAIL) as environment variables. While these are necessary for JIRA integration, their use requires careful environment management to prevent exposure.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill ingests untrusted data from JIRA (issue descriptions, component names, version names) and processes it.
      ◦ Ingestion points: Data returned by jira-as lifecycle transitions and version list commands.
      ◦ Boundary markers: Absent; there are no instructions to the agent to ignore instructions embedded within retrieved JIRA data.
      ◦ Capability inventory: Access to Bash, Read, Grep, and Glob tools.
      ◦ Sanitization: No evidence of sanitization for retrieved JIRA content is provided in the skill definition.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:46 PM