jira-workflow-creator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill creates a high-risk vulnerability surface by processing untrusted external data (Jira requirements and workflow patterns) while possessing the capability to execute commands and modify files.
- Ingestion points: External Jira workflow specifications and user requests (SKILL.md).
- Boundary markers: Absent; no delimiters or instructions to ignore embedded instructions are defined.
- Capability inventory: Access to 'Bash', 'Write', and 'Edit' tools (SKILL.md metadata).
- Sanitization: Absent; no logic is provided to escape or validate external content before processing.
- Command Execution (HIGH): The skill metadata explicitly requests the 'Bash' tool. In the absence of specific scripts or constrained command logic, this grant of shell access can be exploited by an attacker who can influence the data being read by the skill.
Recommendations
- AI detected serious security threats
Audit Metadata