JIRA Ticket Creator
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill generates and executes shell commands for the `jira-cli` tool (e.g., `jira issue create` and `jira issue view`) to automate ticket management within the HYPERFLEET project. These operations are restricted to the skill's primary purpose and use standard CLI patterns.
- [PROMPT_INJECTION]: The skill ingests untrusted user content to populate JIRA ticket summaries and descriptions, creating an indirect prompt injection surface. However, it follows security best practices to mitigate this risk.
  - Ingestion points: User-provided text for JIRA ticket fields collected in the `Gather Requirements` section of SKILL.md.
  - Boundary markers: The instructions explicitly require using quoted heredocs (`'EOF'`) to ensure user input is treated as literal text during file creation.
  - Capability inventory: Subprocess calls to `jira-cli` for ticket creation and retrieval.
  - Sanitization: User input is stored in temporary files before being referenced by the CLI tool using double-quoted command substitution, which prevents word splitting and additional shell expansion.
Audit Metadata