jira-cli
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted data from an external source (Jira) which could contain embedded malicious instructions.
- Ingestion points: Data enters the agent's context through
jira issue view,jira issue list, andjira sprint listcommands. - Boundary markers: The instructions lack explicit boundary markers or directions to ignore instructions within the retrieved content.
- Capability inventory: The skill allows for various CLI-based operations including issue creation, modification, and deletion via the
jiracommand. - Sanitization: No evidence of sanitization or filtering for the external content before it is processed by the agent.
- [External Downloads] (LOW): The skill relies on an external binary
jira-cli(hosted atgithub.com/ankitpokhrel/jira-cli). While this is a widely-used open-source tool, it is not from a predefined trusted organization, and its security depends on the user's installation environment. - [Command Execution] (SAFE): The skill uses subprocess calls to interact with the Jira CLI. The instructions correctly advise using
--templatefiles and--no-inputflags, which helps mitigate risks associated with shell escaping and interactive prompt injection.
Audit Metadata