jira-sprint-dashboard
Warn
Audited by Gen Agent Trust Hub on Jun 25, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONPROMPT_INJECTIONREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The skill instructions require the agent to read local files from the user's home directory, specifically at
~/.cursor/skills-cursor/canvas/SKILL.mdand within the~/.cursor/skills-cursor/canvas/sdk/directory. Accessing application-specific configuration and SDK metadata in the home directory represents a potential data exposure risk. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from Jira issues (summaries, labels, descriptions) and interpolates this content into executable code artifacts like .canvas.tsx files and HTML.
- Ingestion points: Jira work items retrieved via JQL queries.
- Boundary markers: No specific delimiters or safety instructions are defined for the interpolation of Jira data.
- Capability inventory: The skill is capable of generating local files and making network requests to Jira APIs.
- Sanitization: The instructions lack requirements for sanitizing, escaping, or validating external Jira content before it is embedded in UI code.
- [REMOTE_CODE_EXECUTION]: The skill dynamically generates executable code in the form of
.canvas.tsxfiles and interactive HTML/React artifacts at runtime. This process involves embedding potentially untrusted Jira data into script templates which are then rendered or executed by the host environment. - [COMMAND_EXECUTION]: The agent is instructed to perform file creation operations on the local filesystem, including writing
.canvas.tsxfiles to the Cursor canvases directory and creating self-contained HTML dashboard files.
Audit Metadata