jira-ticket-prioritizer
Warn
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTIONREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions in
SKILL.md(Step 1) interpolate user-provided arguments into a shell command:jira issue list --jql "TICKET_INPUT". BecauseTICKET_INPUTis derived directly from$ARGUMENTS, a maliciously crafted input containing shell metacharacters (e.g., backticks,$(...), or terminating quotes and semicolons) could allow for arbitrary command execution on the host system.\n- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection because it fetches and processes untrusted data from external JIRA tickets to drive its logic.\n - Ingestion points: Raw JIRA ticket data (summary, description) is fetched via the
jiraCLI and saved to.jira-ticket-prioritizer-tmp/tickets/.\n - Boundary markers: Absent. The skill does not instruct the agent to use delimiters or specific safety instructions when analyzing the ticket content for dependencies or priority.\n
- Capability inventory: The skill has access to
Bash,Read,Write, andGlobtools, and it makes decisions about code repository assignments and sprint planning based on the input.\n - Sanitization: Absent. No filtering or sanitization of the ticket text is performed before it is analyzed by the LLM.\n- [REMOTE_CODE_EXECUTION]: The skill executes a Node.js script from a sibling directory in Step 2:
node ${CLAUDE_SKILL_DIR}/../jira-ticket-viewer/scripts/parse-ticket.js. This creates a dependency on external code outside of the skill's own directory structure, which may lead to the execution of unverified logic if that skill is compromised or missing.
Audit Metadata