Jira Issue Triage and Routing
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data from external Jira issues.
- Ingestion points: Untrusted data enters the agent context through Jira issue fields such as titles, descriptions, and stack traces used during the classification and triage steps (SKILL.md).
- Boundary markers: The instructions do not define clear delimiters or "ignore embedded instructions" warnings for the processed ticket data.
- Capability inventory: The skill has capabilities to "spawn agents", "Update Jira labels", and "assign workflow", which could be triggered or influenced by malicious instructions embedded in a ticket (SKILL.md).
- Sanitization: No sanitization, escaping, or validation logic is present to filter malicious content from the Jira issue input.
Audit Metadata