jira-todo

The Jira Todo skill appears coherent with its stated purpose: it analyzes Jira ticket data via jira-cli, prioritizes work, and outputs a structured plan along with a to-do tracking step. The footprint is proportionate (local config access, Jira CLI interaction, and TodoWrite updates) and does not display dangerous data flows or credential-forwarding patterns. The main risks are typical for developer tooling (local credential access, dependency on jira-cli, and local config exposure) but there are no indicators of external data exfiltration or unverified binary installation. Overall, the skill is BENIGN with MEDIUM-low security risk due to local credential/config access and reliance on a trusted CLI tool.