work-on-ticket

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill fetches and displays user-generated Jira content (issue descriptions, comments, attachments) from the configured Jira instance (e.g., scripts/fetch-ticket.py and scripts/start-work.py call GET /rest/api/3/issue/{issueKey}) and the agent reads/formats that content as part of its workflow, exposing it to untrusted third-party input that could contain indirect prompt-injection.