plan-jira-ticket
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill directly interpolates the `$ARGUMENTS` variable into shell commands for `acli` and `git` without quoting or sanitization, creating a risk of command injection if shell metacharacters are included in the ticket ID.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by ingesting untrusted data from Jira tickets.
  - Ingestion points: Data retrieved from Jira via `acli jira workitem view`.
  - Boundary markers: Absent; the skill does not use delimiters or instructions to ignore commands within the ticket body.
  - Capability inventory: The agent can modify Jira ticket statuses and manage local/remote git branches.
  - Sanitization: No validation or escaping is performed on external ticket content before processing.
Audit Metadata