jira-daily

The Jira Daily skill is largely coherent with its stated purpose: it aggregates Jira and Git data to produce structured standup reports in multiple formats. The footprint is proportionate, relying on standard development tools (jira-cli, git, Bash) and local configuration. A notable risk is the explicit reading of a Jira CLI config file to detect the project key, which may contain credentials; this is justified for the task but warrants careful credential handling and minimization of sensitive data exposure. No evidence of external data exfiltration or unverifiable binaries is present. Overall, the skill is BENIGN with moderate security risk due to local credential access, categorized as SECURITYRISK around 0.25 and MALWARE around 0.05. Recommendation: ensure config files used do not contain secrets or are restricted to non-secret fields, and consider explicit prompting for permission to read credentials when necessary.