jira

Warn

Audited by Gen Agent Trust Hub on Feb 12, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis

================================================================================

🟡 VERDICT: MEDIUM

This skill is well-documented with explicit safety guidelines and a clear purpose. It does not contain direct malicious code, obfuscation, or attempts at privilege escalation or persistence. However, it recommends the installation of an external command-line interface (CLI) tool, ankitpokhrel/jira-cli, from a GitHub repository that is not on the list of trusted sources. The security of the skill, when using the CLI backend, is therefore dependent on the security of this unverified external tool. Additionally, as the skill processes external Jira data, there is an inherent, albeit mitigated, risk of indirect prompt injection.

Total Findings: 3

🟡 MEDIUM Findings:
• Unverifiable External Dependency

  • Line 150 (README.md): The skill recommends installing ankitpokhrel/jira-cli via brew install ankitpokhrel/jira-cli/jira-cli and provides a direct download link from https://github.com/ankitpokhrel/jira-cli/releases. This is an external dependency from a non-trusted GitHub organization. The security of this CLI tool cannot be verified as part of this analysis, posing a potential risk if the tool itself were compromised or malicious.

🔵 LOW Findings:
• Potential for Indirect Prompt Injection

  • Line 1 (README.md): The skill is designed to interact with and process data from Jira (e.g., issue summaries, descriptions, comments). While the skill includes safety checks like requiring approval before modifications, there's a general risk that malicious instructions embedded within Jira data could potentially influence the LLM's behavior. This is an inherent risk when processing external, user-controlled content.

ℹ️ TRUSTED SOURCE References:
• Legitimate API Interaction with Credentials

  • Line 270 (references/mcp.md): A curl command is provided as a manual instruction to query the Jira API for link types, using environment variables $JIRA_USER, $JIRA_API_TOKEN, and $JIRA_BASE_URL. While this involves handling credentials, the curl command targets the user's own Jira instance (via $JIRA_BASE_URL) for a legitimate API call, not an external malicious server. The skill's primary MCP mechanism relies on 'Claude settings' for credentials, which is generally safer. This finding is informational as it's a manual instruction for the user, not an automated action by the skill to exfiltrate data.

================================================================================

Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 12, 2026, 10:44 PM