022-tooling-jira
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
jiraCLI to interact with Jira workspaces. It includes a mandatory interactive check usingcommand -v jiraorjira versionto verify the tool's availability before any issue-related commands are issued. - [EXTERNAL_DOWNLOADS]: Provides user guidance for installing the Jira CLI through trusted and well-known package managers such as Homebrew, APT, and Chocolatey.
- [SAFE]: Contains strict instructions prohibiting the agent from requesting or displaying Jira API tokens or credentials in the chat, instead directing users to perform local configuration via
jira configure. - [PROMPT_INJECTION]: The skill processes untrusted data by retrieving issue descriptions and comments from Jira. This represents an indirect prompt injection surface inherent to its function of requirement analysis. (Ingestion points:
jira issue viewoutput in references/022-tooling-jira.md; Boundary markers: Absent; Capability inventory:jira issue create,jira issue transitionin references/022-tooling-jira.md; Sanitization: Absent).
Audit Metadata