Skills
skills/elzawarudo/krt/krt-jira-scribe/Gen Agent Trust Hub

krt-jira-scribe

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it retrieves and processes untrusted data from an external Jira instance (issue summaries, descriptions, and comments).
  • Ingestion points: Searches and reads issues via /rest/api/2/search and /rest/api/2/issue/{key} (referenced in SKILL.md and references/jira-api.md).
  • Boundary markers: None explicitly defined to separate Jira content from agent instructions.
  • Capability inventory: Executes shell commands via curl for reading and writing data, and performs status transitions.
  • Sanitization: No explicit sanitization or validation of the retrieved Jira content is mentioned before it is displayed or used in prompts.
  • [COMMAND_EXECUTION]: The skill provides explicit instructions to bypass privacy/security filters implemented by command wrappers like rtk that may mask sensitive environment variables.
  • Evidence: SKILL.md and references/jira-api.md contain instructions to use direct shell checks (e.g., [[ -n "$JIRA_HOST" ]]) specifically because automated filters might hide these variables from the agent's view.
Audit Metadata
Risk Level
SAFE
Analyzed
May 12, 2026, 06:56 AM