skills/softaworks/agent-toolkit/jira/Gen Agent Trust Hub

jira

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill is designed to read external data from Jira tickets (ingestion points: getJiraIssue, jira issue view) and use that context to perform actions. Since it has broad write and execution capabilities (create, update, transition, shell commands), an attacker could embed malicious instructions in a Jira ticket to manipulate the agent's behavior. No boundary markers or sanitization procedures are defined in the skill instructions.
  • [Command Execution] (HIGH): The skill relies on the jira CLI, instructing the agent to execute shell commands. It uses dynamic command assembly and subshell execution patterns (e.g., $(jira me), $(cat /tmp/jira_body.md)), which increases the risk of command injection if data from the conversation or external sources is interpolated without strict validation.
  • [External Downloads] (MEDIUM): The skill recommends installing the jira CLI from a third-party repository (ankitpokhrel/jira-cli), which is not within the defined trusted source scope. This introduces a dependency on unverified external code.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 15, 2026, 08:55 PM