jira-assistant
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its operational design.
  - Ingestion points: The agent is instructed to read configuration details from files such as `.cursor/rules/jira-config.mdc`, `AGENTS.md`, and any other markdown files in the workspace. It also retrieves issue data (summaries, descriptions, comments) from the Jira platform using MCP search and fetch tools.
  - Boundary markers: There are no specific instructions or delimiters used to separate user-provided or external data from the agent's core instructions, nor are there warnings to ignore embedded commands in the ingested content.
  - Capability inventory: The skill grants the agent the ability to search, create, update, and transition Jira issues, as well as add comments via multiple MCP tool functions (`createJiraIssue`, `editJiraIssue`, `addCommentToJiraIssue`, `transitionJiraIssue`).
  - Sanitization: The skill does not implement validation or sanitization logic for the data it retrieves from external sources or workspace files before using it in subsequent prompts or MCP tool calls.