jira-daily
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes several local system commands including `jira`, `git`, `cat`, and `date`. Specifically, it reads the local Jira configuration file located at `~/.config/.jira/.config.yml` to extract the project key using a grep/awk pipeline.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection. It ingests untrusted data from external sources, specifically Jira issue summaries, descriptions, and git commit messages (Phase 3). This content is subsequently passed to sub-agents for classification and impact analysis (Phase 4). There are no documented boundary markers or sanitization steps to prevent malicious instructions embedded in Jira tickets or commit logs from influencing the agent's output or behavior.
- [EXTERNAL_DOWNLOADS]: The skill requires the external tool `jira-cli` to be installed from a public GitHub repository (ankitpokhrel/jira-cli). This is a standard dependency for the skill's functionality.