skills/atlassian/twg-cli/twg/Gen Agent Trust Hub

twg

Pass

Audited by Gen Agent Trust Hub on Jul 6, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill interacts with the local environment by executing the twg binary and jq for processing structured JSON data. It includes specific safety instructions to avoid running administrative or credential-related commands (setup, login, logout, etc.) during standard requests.
  • [INDIRECT_PROMPT_INJECTION]: As a tool designed to ingest data from Jira issues, Confluence pages, and Bitbucket pull requests, it has an inherent attack surface for indirect prompt injection. The skill processes data from these external sources which could contain malicious instructions meant to influence the agent's behavior during synthesis.
  • [DATA_EXPOSURE]: The skill is designed to handle sensitive organizational data (work items, employee profiles, project risks). However, it follows best practices by using $TMPDIR for temporary storage and advising against command prefixes that might bypass runtime authorization checks.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 6, 2026, 01:55 AM
Security Audit — agent-trust-hub — twg