JIRA Story Point Estimator

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill lacks sufficient isolation when processing untrusted content from JIRA tickets. An attacker who can edit a JIRA ticket could inject instructions to override the agent's logic.
  • Ingestion Point: The skill uses jira issue view TICKET-KEY to fetch ticket details, including descriptions and acceptance criteria, which are external, untrusted data sources.
  • Boundary Markers: No delimiters or isolation markers are defined in the instructions to separate untrusted ticket content from the agent's system instructions.
  • Capability Inventory: The skill contains commands to modify the JIRA database, specifically jira issue edit, which creates a high-risk path for an injected instruction to perform unauthorized modifications.
  • Sanitization: There is no evidence of input validation or sanitization before the retrieved data is processed by the AI for estimation analysis.
  • Command Execution (MEDIUM): The skill executes shell commands using the jira CLI. While intended for its core functionality, the combination of executing commands based on untrusted input without strict validation of the input fields poses a risk of argument injection or unintended tool usage.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 09:00 AM