workflow
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes external data from JIRA tickets, which represents a vulnerability surface where a malicious ticket description could attempt to influence the agent's behavior.
- Ingestion points: JIRA ticket data processed in Phase 1 and Phase 2 via
get_ticket.ts. - Boundary markers: None identified; ticket content is processed for planning without explicit delimiters or warnings to ignore embedded instructions.
- Capability inventory: Includes shell command execution (
npm install,git push), local script execution, file writing (PLAN.md), and API interactions via JIRA and GitHub scripts. - Sanitization: The skill does not describe any sanitization or validation steps for content retrieved from JIRA.
- [Command Execution] (SAFE): The skill executes various shell commands and local scripts (e.g.,
git,npx,npm). These actions are standard for the intended development workflow and do not show signs of malicious intent. - [External Downloads] (SAFE): Standard package management commands like
npm installare utilized to set up project environments. This is expected behavior for the context of this skill.
Audit Metadata