creating-jira-subtasks
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill and its subagent use environment-provided tools to interact with Jira APIs and manage local documentation files in the docs/ directory. These operations are strictly limited to the skill's primary objective of synchronizing task plans.
- [DATA_EXFILTRATION]: The skill transmits task data to Atlassian Jira instances (atlassian.net). As a well-known service and the primary target of the skill's intended workflow, this network communication is considered safe and legitimate.
- [PROMPT_INJECTION]: The skill processes content from local plan files (docs/<TICKET_KEY>-tasks.md) and passes it to Jira.
  1. Ingestion points: Reads task details from local Markdown files.
  2. Boundary markers: Uses specific task headers (e.g., ## Task <N>:) to identify content.
  3. Capability inventory: Performs Jira API writes and local file updates.
  4. Sanitization: Employs fixed Wiki-Markup templates for subtask descriptions.

  While this creates an indirect prompt injection surface, it is necessary for the skill's purpose and mitigated by structured templates and validation steps.