jira-bug
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
Flags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the `run_command` tool to execute `git diff --staged` to retrieve local code changes for analysis.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) as it processes untrusted data from Jira tickets.
  - Ingestion points: Summary and Description fields are retrieved via `mcp_atlassian-mcp-server_getJiraIssue` in SKILL.md.
  - Boundary markers: No delimiters or protective instructions are used to separate ticket data from agent instructions.
  - Capability inventory: The skill has access to the `run_command` tool and the `mcp_atlassian-mcp-server_addCommentToJiraIssue` tool.
  - Sanitization: There is no evidence of sanitization or validation of the content retrieved from Jira.
Audit Metadata