acli-jira
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands using the
acliCLI tool to interact with Jira Cloud services (SKILL.md). - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it retrieves and processes untrusted data from Jira summaries, descriptions, and comments.
- Ingestion points: External data is read into the agent context via
acli jira workitem view,acli jira workitem search, andacli jira workitem comment listin SKILL.md. - Boundary markers: The instructions lack markers or delimiters to help the agent distinguish between its own instructions and the data retrieved from Jira.
- Capability inventory: The skill allows the agent to create/modify tickets, transition statuses, and execute shell commands, providing a significant action surface for injected instructions.
- Sanitization: No sanitization or validation logic is specified for the data retrieved from external Jira fields.
- [DATA_EXFILTRATION]: The
acli jira workitem createcommand includes a--description-fileparameter. This allows the agent to read the content of a local file and upload it as a Jira ticket description. This capability could be exploited to exfiltrate sensitive local files if the agent is manipulated into reading them and attaching the content to a public or accessible Jira ticket.
Audit Metadata