jira-integration
Fail
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from Jira issue fields, which could contain malicious instructions designed to influence agent behavior (Indirect Prompt Injection).
  - Ingestion points: jira-issue.py and jira-search.py retrieve and display content (summaries, descriptions, comments) from external Jira instances.
  - Boundary markers: The skill does not implement specific delimiters or safety instructions to help the agent distinguish between ingested content and system instructions.
  - Capability inventory: The skill possesses extensive write capabilities, including the ability to create and update issues, transition statuses, and add comments via scripts such as jira-create.py and jira-update.py.
  - Sanitization: No sanitization or content filtering is performed on the data retrieved from Jira before it is presented to the agent.
- [EXTERNAL_DOWNLOADS]: The skill includes functionality for downloading external files and recommends tool installation from remote sources.
  - jira-attachment.py allows downloading Jira attachments to the local filesystem using the requests library.
  - Documentation in README.md and error messages in jira-validate.py recommend installing the uv tool via a piped shell script from astral.sh, which is a well-known and reputable service in the developer community.
- [COMMAND_EXECUTION]: The skill executes local system commands as part of its environment validation process.
  - jira-validate.py runs uv --version using subprocess.run to verify the presence and version of the required package manager.
Recommendations
- HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
Audit Metadata