jira
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill dynamically generates a helper shell script at `/tmp/jira-curl` and modifies its permissions using `chmod +x`. This script acts as a wrapper for all subsequent `curl` operations to the Jira API.
- [DATA_EXFILTRATION]: While the skill uses environment variables for the `JIRA_API_TOKEN`, the helper script is stored in `/tmp`. On multi-user or shared systems, the use of predictable paths in temporary directories for scripts handling authentication headers can lead to local credential exposure or session hijacking if not properly scoped.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core functionality of ingesting external data from Jira.
  - Ingestion points: Fetches issue summaries, descriptions, and comments from external Jira projects via API endpoints.
  - Boundary markers: There are no explicit delimiters or 'ignore' instructions provided when the agent processes retrieved ticket content.
  - Capability inventory: The skill possesses file-writing capabilities, network access via `curl`, and the ability to execute generated scripts.
  - Sanitization: The data fetched from Jira (which could be controlled by an external attacker adding comments to a ticket) is passed to the agent without sanitization, potentially allowing malicious instructions in a ticket to influence the agent's behavior.
Audit Metadata