devflow-jira
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides the ability to execute various JIRA management tasks through the kdev CLI, including creating, updating, and deleting issues, as well as modifying team membership.
- [EXTERNAL_DOWNLOADS]: The skill relies on the installation of an external Node.js package, @kmfe/devflow. This package is not from a verified trusted organization or well-known service listed in the analysis framework.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from JIRA tickets.
  - Ingestion points: Data is ingested through commands such as issue <key> and search <jql>, which retrieve summaries, descriptions, and comments from the JIRA system (SKILL.md).
  - Boundary markers: The instructions do not define boundary markers or warn the agent to ignore instructions embedded within the JIRA data.
  - Capability inventory: The agent has Bash access to perform state changes, data deletion (delete), and team management (team-add, team-remove) based on its interpretation of the data (SKILL.md).
  - Sanitization: There is no evidence of sanitization, filtering, or escaping of the retrieved JIRA content before it is processed by the agent.