sigma-atlassian-toolkit
Warn
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local shell tools (
curlandjq) to perform Jira Cloud REST API operations. It involves taking data retrieved from the Jira instance (such as option values and context names) and incorporating it into shell commands. The instructions do not specify sanitization or escaping of these values, creating a risk of command injection if the source data contains malicious shell metacharacters. - [DATA_EXFILTRATION]: The skill requires sensitive credentials including
JIRA_API_TOKENandJIRA_EMAIL. These credentials are used incurlcommands sent to a variableJIRA_BASE_URL. Without validation of the base URL domain, there is a risk that these credentials could be sent to an attacker-controlled endpoint if the URL is misconfigured or manipulated via injection. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data from an external Jira site.
- Ingestion points: Data enters via
jira_get_field_optionsand various Jira REST APIGETendpoints used to fetch existing contexts and options. - Boundary markers: None. The skill does not define delimiters or provide instructions to the agent to treat the retrieved data as untrusted content.
- Capability inventory: The skill has significant capabilities, including local shell access (
curl,jq) and the ability to perform authenticated write operations (POST,PUT) on the Jira instance. - Sanitization: None detected. There are no steps provided to validate or escape external data before it is processed or used in subsequent API calls.
Audit Metadata