skills/jwmossmoz/agent-skills/jira/Gen Agent Trust Hub

jira

Warn

Audited by Gen Agent Trust Hub on Feb 12, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis

================================================================================

🟡 VERDICT: MEDIUM

This skill is rated MEDIUM due to its reliance on an external binary (1Password CLI) for credential management and the inherent risk of processing user-supplied content (JIRA descriptions/comments) which could be a vector for indirect prompt injection or other content-based attacks. While the use of 1Password CLI is a secure practice for credentials, it introduces an unverified external dependency and command execution.

Total Findings: 4

🟡 MEDIUM Findings:

  • Unverifiable External Dependency (1Password CLI)
    Line 196 (scripts/extract_jira.py): The skill invokes the 'op' (1Password CLI) binary via subprocess.run to retrieve JIRA API tokens and email. While 1Password is a trusted vendor, the CLI is an external executable dependency not directly managed by the skill's Python package manager. Its integrity and behavior are outside the direct scope of this skill's code.

  • Indirect Prompt Injection Risk (Markdown Processing)
    Line 19 (SKILL.md), Line 100 (scripts/extract_jira.py): The skill explicitly processes user-supplied Markdown content from JIRA descriptions and comments, converting it to Atlassian Document Format (ADF) using a custom markdown_to_adf function. If an attacker can control JIRA content, they could craft malicious Markdown that, if improperly parsed or re-interpreted by an LLM, could lead to indirect prompt injection or other content-based vulnerabilities. Custom parsing logic increases the attack surface.

🔵 LOW Findings:

  • Trusted Python Dependencies
    Line 3 (scripts/extract_jira.py): The skill declares Python dependencies jira>=3.10.0 and requests>=2.31.0, which are standard packages from PyPI, run via uv. These are considered trusted external sources.

ℹ️ TRUSTED SOURCE References:

  • https://mozilla-hub.atlassian.net
    Line 10 (SKILL.md): The skill interacts with a specific, known JIRA instance at mozilla-hub.atlassian.net. This is expected behavior for a JIRA skill and not a general data exfiltration risk.

================================================================================

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 12, 2026, 08:32 PM