jira-cli
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill possesses an attack surface for indirect prompt injection because it is designed to read and process data from an external source (Jira) that may be controlled by third parties.
  - Ingestion points: Data enters the agent's context through commands like `jira issue list`, `jira issue view`, and `jira epic list` as documented in `SKILL.md` and `references/workflows.md`.
  - Boundary markers: The instructions do not specify any delimiters or safety markers to isolate external ticket content from the system prompt.
  - Capability inventory: The skill provides significant capabilities, including creating issues, editing ticket statuses, and adding comments (`jira issue create`, `jira issue move`, `jira issue comment add`), which could be misused if the agent obeys instructions embedded in a ticket.
  - Sanitization: There is no evidence of sanitization or filtering of external data before it is presented to the agent.
Audit Metadata