jira-defect-analysis
Warn
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill makes extensive use of curl commands to interact with Jira APIs and executes python snippets to parse JSON data and Excel files.
- [CREDENTIALS_UNSAFE]: The instructions explicitly direct the agent to use keyflow_get_env_snippet with the parameter mask_values=false when retrieving Jira credentials. This is a dangerous practice that may lead to sensitive authentication tokens being exposed in plain text within the agent's output, history, or platform logs.
- [DATA_EXFILTRATION]: The skill's primary function involves reading sensitive data from Jira, Google Sheets, and local source code repositories. While this is the stated purpose, the combination of broad read access with the ability to write to external services (Jira comments, Google Sheets) creates a risk if the agent is manipulated.
- [PROMPT_INJECTION]: The skill processes untrusted content from Jira issue descriptions, comments, and Google Sheet cells, which constitutes an indirect prompt injection surface.
  - Ingestion points: Jira issue fields (summary, description, comments, attachments), Google Sheet cells, and local source code files (SKILL.md, Step 2).
  - Boundary markers: Absent. The instructions do not define delimiters or provide warnings to the agent to ignore instructions embedded within the processed data.
  - Capability inventory: The skill possesses network capabilities via curl (Jira API), write access to Google Sheets (batchWrite, writeSpreadsheet), and local file system access (Grep, Read).
  - Sanitization: Absent. There is no evidence of validation or sanitization of the data ingested from Jira or Sheets before it is processed or used in further actions.
Audit Metadata