jira-cli
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Categories: CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): Vulnerable to Indirect Prompt Injection (Category 8) due to processing untrusted data with write capabilities.
  - Ingestion points: Data enters the agent context through `jira issue list`, `jira issue view`, and `curl` responses containing ticket summaries, descriptions, and comments.
  - Boundary markers: Absent. No delimiters or instructions are provided to the agent to treat external Jira content as untrusted.
  - Capability inventory: The skill allows for significant side effects including `jira issue create`, `edit`, `move`, and `comment add`, as well as arbitrary network requests via `curl` to the Jira API.
  - Sanitization: Absent. There is no evidence of validation or filtering of content retrieved from Jira.
- [CREDENTIALS_UNSAFE] (HIGH): The skill retrieves sensitive credentials (`JIRA_API_TOKEN`, `JIRA_USER`) from the `psst` global vault. This creates a risk of credential exposure or misuse if the agent is manipulated via prompt injection.
- [EXTERNAL_DOWNLOADS] (MEDIUM): Requires the installation of `ankitpokhrel/jira-cli`, which is an external dependency from a non-trusted GitHub user account.
- [COMMAND_EXECUTION] (LOW): Uses subprocesses to execute `jira`, `psst`, `curl`, and `jq`. While necessary for functionality, these tools provide the agent with local execution capabilities.
Recommendations
- AI detected serious security threats