The Agent Skills Directory

PROMPT_INJECTION (HIGH): High susceptibility to Indirect Prompt Injection (Category 8) due to the combination of data-ingestion capabilities and administrative side effects.
Ingestion points: The skill facilitates reading untrusted content from external sources via getIssue (references/operations/getIssue.md), getComments (references/operations/getComments.md), and search (references/operations/search.md).
Boundary markers: Absent. The documentation lacks guidance on using delimiters or instruction-ignore warnings to protect the agent from embedded malicious commands.
Capability inventory: The skill enables high-privilege operations including changeUserPassword (references/operations/changeUserPassword.md), deleteProject (references/operations/deleteProject.md), createUser (references/operations/createUser.md), and system reindex (references/operations/reindex.md).
Sanitization: Absent. No sanitization or validation logic is defined for data retrieved from Jira before it is processed by the agent.
DATA_EXFILTRATION (LOW): The skill defines network operations to a remote Jira instance (http://example.com:8080/jira/rest/). While functional, this represents the pathway for data movement to an external domain.
NO_CODE (SAFE): The skill consists of 375 markdown files and contains no executable scripts (Python, Node.js, etc.), reducing the risk of direct remote code execution or persistence.
CREDENTIALS_UNSAFE (LOW): references/operations/addAttachment.md contains a hardcoded admin:admin credential in a curl example. This is identified as a common documentation placeholder rather than an active secret.

jira-8-13-17