git-jira-branch

Warn

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (specifically command injection) because it takes untrusted input from the user (the Jira ticket number) and interpolates it directly into shell commands. An attacker could provide a payload like 'TICKET-123; rm -rf /' to execute unauthorized commands.
  • Ingestion points: Ticket number extracted from the user's message in SKILL.md.
  • Boundary markers: Double quotes are used in 'git branch --list', but they are entirely missing from the shell execution command 'sh ~/.config/helpers/switchToJiraBranch.sh'.
  • Capability inventory: Shell execution capabilities via 'git' and 'sh' subprocess calls.
  • Sanitization: No sanitization, validation, or escaping of the ticket number variable is present.
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute a local shell script located at '~/.config/helpers/switchToJiraBranch.sh'. This script is not provided within the skill files, making it an unverifiable dependency that could perform unintended actions on the host system.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 6, 2026, 04:36 PM