jira-report-comment

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE
Finding categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to perform repository analysis and filesystem management. This includes identifying the current branch, fetching git logs, generating diffs, and creating report directories/files. These actions are appropriate for the skill's stated purpose.
  • [COMMAND_EXECUTION]: Potential vulnerability to command injection exists in Step 1. If a user provides a maliciously crafted issue key containing shell metacharacters (e.g., ; rm -rf /), and the agent incorporates it directly into the touch command string, it could lead to arbitrary command execution. While the instructions suggest a regex pattern for extraction from branches, they do not mandate strict validation for direct user input.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it ingests untrusted data from external sources and git history to generate its output.
      • Ingestion points: Jira issue context retrieved via mcp__atlassian__getJiraIssue, manually provided issue text, git commit messages, and file diffs.
      • Boundary markers: Absent. The instructions do not define delimiters or specific system-level warnings to distinguish between instructional content and the external data being processed.
      • Capability inventory: The agent has access to Bash (git and filesystem operations), the Write tool (local file creation), and mcp__atlassian__getJiraIssue (external data retrieval).
      • Sanitization: Absent. There is no explicit requirement to sanitize or escape content from the Jira issue or git history before it is analyzed or written to the local markdown report.
Audit Metadata
Risk Level: SAFE
Analyzed: May 7, 2026, 07:44 PM