The Agent Skills Directory

[DATA_EXPOSURE]: The script scripts/get-cloud-id.cjs logs the entire connectionDetails JSON object if it cannot automatically parse the Jira Cloud ID. This object, retrieved from the Nango API, typically contains highly sensitive information such as OAuth access tokens, refresh tokens, and provider-specific credentials. Exposing this data to the agent's output makes it available in logs and the agent's reasoning context.
[COMMAND_EXECUTION]: Setup instructions in SKILL.md and the provided scripts require the NANGO_SECRET_KEY to be passed as a command-line argument. This is a security anti-pattern as command-line arguments are often visible to other users on the system via process monitoring tools (like ps) and are typically recorded in shell history files.
[EXTERNAL_DOWNLOADS]: The skill's scripts perform network requests to api.nango.dev. This is the official endpoint for Nango, a well-known service for managing third-party integrations. This communication is required for the skill to retrieve Jira connection metadata and proxy API calls.
[PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through the following evidence chain:
Ingestion points: External data is fetched from Jira projects and issue types via scripts/get-issue-types.cjs and scripts/get-projects.cjs.
Boundary markers: There are no delimiters or explicit instructions to ignore embedded commands when processing the external JSON data.
Capability inventory: The skill has the ability to execute network requests (via local scripts) and create issues in Jira (via the nango-mcp-server_create_issue tool).
Sanitization: There is no evidence of sanitization or validation performed on the strings returned from the Jira API. Malicious content within a Jira instance (e.g., a project name or issue description) could potentially influence the agent's behavior.

jira-issue-manager