work-on-ticket
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection because it processes data retrieved from external Jira tickets.
- Ingestion points: The scripts `fetch-ticket.ts` and `start-work.ts` fetch summary and description fields from the Jira API.
- Boundary markers: No delimiters or instructions are provided to the agent to treat the fetched content as untrusted data or to ignore embedded instructions.
- Capability inventory: The skill has the capability to execute Git branch operations (creation and pushing) and update Jira ticket statuses.
- Sanitization: The fetched Jira ticket content is displayed and processed without visible sanitization or validation.
- [COMMAND_EXECUTION]: The skill performs Git and Jira operations using ticket-derived metadata (such as summaries and keys). While these are intended functions, there is a risk of command injection if the internal library implementation does not correctly sanitize these inputs before execution.
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of dependencies from the official NPM registry, which is a well-known and trusted service.
Audit Metadata