022-tooling-jira

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and references/022-tooling-jira.md explicitly instruct the agent to fetch Jira issue descriptions and "all comments" from a Jira Cloud site via the jira CLI—user-generated third-party content that the skill will read and use as primary source material to drive analysis and follow-up actions—so it could carry indirect prompt-injection risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill invokes the Jira CLI to fetch issue descriptions/comments from a Jira Cloud site at runtime (e.g., https://your-domain.atlassian.net), and those fetched texts are injected into downstream user-story generation, meaning the external Jira URL controls agent prompts.