jira-epic-to-stories

SUSPICIOUS. The skill is mostly aligned with its stated Jira automation purpose, but it relies on a non-official third-party CLI that receives Jira credentials and can autonomously create remote issues. Data flows appear consistent with Jira usage and do not show obvious exfiltration or proxy routing, so this is better classified as moderate security risk rather than malicious behavior.