Skills
skills/oimiragieo/agent-studio/jira-pm/Gen Agent Trust Hub

jira-pm

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection due to the way it handles external data.
  • Ingestion points: Untrusted data enters the context through search, get-issue, and get-comments tools which fetch content from external Jira instances.
  • Boundary markers: The instructions lack delimiters or specific directives to the agent to disregard instructions embedded within the retrieved Jira content.
  • Capability inventory: The agent is authorized to use Bash, Read, and WebFetch tools as defined in the SKILL.md metadata.
  • Sanitization: There is no evidence of sanitization, validation, or escaping of the Jira content before it is processed by the agent.
  • [COMMAND_EXECUTION]: The skill frontmatter in SKILL.md explicitly requests the Bash tool. This allows for the execution of arbitrary shell commands, which presents a significant capability that could be misused if the agent is successfully influenced by malicious instructions found in Jira data.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 6, 2026, 11:02 AM