jira-search-jql
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill ingests untrusted data from Jira, creating a surface for indirect prompt injection where malicious instructions in issue fields could influence agent behavior. Ingestion points: Issue summaries, descriptions, and comments are read by scripts like jql_search.py and export_results.py. Boundary markers: No specific delimiters or safety warnings for the LLM are documented for these data streams. Capability inventory: The skill has Jira API access and local file system write permissions for data exports. Sanitization: No sanitization or validation of the retrieved Jira content is described.
- Data Exposure & Exfiltration (SAFE): The skill correctly handles authentication by recommending the use of environment variables ($JIRA_API_TOKEN) and providing links to official Atlassian security settings. No hardcoded credentials or sensitive system file accesses were identified.
- Command Execution (SAFE): Documentation describes a suite of local Python scripts used for Jira interactions. The command patterns are standard for CLI tools and align with the skill's stated purpose.
- Persistence Mechanisms (SAFE): No attempts to establish persistence, such as modifying shell profiles or creating scheduled tasks, were found.
- Metadata Poisoning (SAFE): The metadata provided in the JSON configuration files is descriptive and accurate to the skill's functionality.
Audit Metadata