jira-read

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md workflow explicitly calls the Jira API (e.g., "步骤 2" calls jira_get_issue and jira_download_attachments) and parses issue descriptions and comment history in "步骤 3" (and reference.md notes "数据来源: mcp-atlassian API"), so untrusted, user-generated Jira content is fetched and read and can influence tool actions such as whether to download attachments and how the agent proceeds.