sdapp-jira-log
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill follows best practices by requiring explicit user approval before performing state-changing operations (logging work).
- [SAFE]: The use of Atlassian MCP tools is consistent with the skill's stated purpose, and no unauthorized data exfiltration patterns were identified.
- [INDIRECT_PROMPT_INJECTION]: The risk of indirect injection via Jira data is assessed as safe due to the implementation of mandatory human-in-the-loop confirmation.
  1. Ingestion points: Jira ticket summaries are fetched in Step 3.
  2. Boundary markers: Data is delimited within markdown tables in Step 4.
  3. Capability inventory: The skill uses addWorklogToJiraIssue in Step 8.
  4. Sanitization: User input for hours is parsed, and Step 7 requires explicit user verification before tool execution.
Audit Metadata