task-planner
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill retrieves untrusted data from Jira ticket descriptions and comments to generate prompts for subsequent AI sessions. Malicious content within a Jira ticket could influence the behavior of the AI agent receiving the generated prompt.
- Ingestion points: Jira issue details are fetched using mcp__mcp-atlassian__jira_get_issue and mcp__mcp-atlassian__jira_search.
- Boundary markers: While the output prompts are enclosed in code blocks, there are no instructions for the agent to sanitize the input or warn about potential embedded instructions.
- Capability inventory: The skill reads external Jira data and suggests writing output to the local filesystem (e.g., ~/prompts/).
- Sanitization: No evidence of content sanitization, filtering, or escaping of the retrieved Jira data is performed before it is included in the output prompt.
Audit Metadata