jira-todo
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses cat to read the Jira configuration file located at ~/.config/.jira/.config.yml. This is a sensitive path that often contains Jira authentication tokens or session information.
- [PROMPT_INJECTION]: The skill processes summaries, descriptions, and comments from Jira tickets, which are untrusted external inputs. This introduces a risk of indirect prompt injection, where malicious instructions embedded in a ticket could influence the agent's analysis or subsequent actions.
- Ingestion points: Data is fetched from Jira using jira issue list in Phases 2 and 3 of the workflow.
- Boundary markers: None. The skill lacks delimiters (such as XML tags) or instructions to the agent to ignore embedded commands within the ticket data.
- Capability inventory: The skill has access to the Bash(git, jira, cat) and TodoWrite tools, which allow it to modify repositories and write task files.
- Sanitization: No evidence of sanitization or escaping of the retrieved Jira ticket content is present before it is analyzed by sub-agents.
Audit Metadata