jira-communication
Fail
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The script
scripts/core/jira-validate.pyincludes a recommendation for users to install theuvpackage manager usingcurl -LsSf https://astral.sh/uv/install.sh | sh. Whileuvis a reputable tool from Astral, piped-to-shell execution is a risky installation pattern. - [COMMAND_EXECUTION]: In
scripts/core/jira-validate.py, the skill usessubprocess.runto execute the commanduv --version. This is a controlled execution used solely to verify that the required runtime dependency is correctly installed. - [PROMPT_INJECTION]: The skill processes unstructured external data from Jira issues, such as descriptions and comments, in
scripts/core/jira-issue.pyandscripts/workflow/jira-comment.py. This creates a surface for indirect prompt injection if a ticket contains malicious instructions. - Ingestion points: Data is ingested via
scripts/core/jira-issue.py(issue fields) andscripts/workflow/jira-comment.py(comment body). - Boundary markers: No explicit delimiters or instructions are used to separate external content from the agent's internal logic.
- Capability inventory: The agent can perform significant write operations including creating/updating issues, transitioning statuses, logging work, and downloading files.
- Sanitization: The skill extracts text from Atlassian Document Format (ADF) in
scripts/lib/output.pybut does not perform semantic sanitization to detect or neutralize instructions.
Recommendations
- HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
Audit Metadata