reading-and-writing-jira-tickets
Fail
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: HIGHCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: A critical shell command injection vulnerability exists in
scripts/get_ticket_summary.sh. The positional argumentTICKET_IDis interpolated directly into a double-quoted string used in a subshell command (TICKET_DATA=$(... "... issueIdOrKey: \"$TICKET_ID\", ...")). This allows attackers to execute arbitrary shell commands using syntax like$(command)within the ticket ID input. - [DATA_EXFILTRATION]: The identified command execution vulnerability directly enables the exfiltration of sensitive information, including environment variables, local configuration files (such as SSH or cloud credentials), and data retrieved from the Jira API, to attacker-controlled external endpoints.
- [COMMAND_EXECUTION]: The usage guidelines in
SKILL.mdpromote a pattern for variable interpolation ("'$VAR'") in shell commands that is susceptible to shell breakout if the variable content is untrusted. This pattern can lead to unintended command execution during automated workflows. - [COMMAND_EXECUTION]: Indirect Prompt Injection Surface:
- Ingestion points: User-provided
TICKET_IDargument inscripts/get_ticket_summary.shand external data from Jira ticket fields (summary, description) processed by the helper scripts. - Boundary markers: No delimiters or instruction-separation warnings are present in the scripts or the skill's markdown instructions.
- Capability inventory: The skill utilizes subprocess execution via
mcporterand local shell scripts, with the ability to modify Jira tickets and post comments. - Sanitization: Input validation and escaping are absent in the scripts, allowing raw external data to influence the shell execution context.
Recommendations
- AI detected serious security threats
Audit Metadata