opsx-jira-fix-workflow
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: No indicators of credential theft, malicious persistence, privilege escalation, or unauthorized remote code execution were found in the skill instructions.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from Jira issue descriptions and comments. However, this risk is mitigated by the requirement for user confirmation in manual modes and the structured, phase-based execution logic.
  - Ingestion points: Reading of Jira issue data (descriptions, comments, attachments) in Phase 1.
  - Boundary markers: The instructions do not specify explicit delimiters or warnings to ignore embedded instructions within Jira content.
  - Capability inventory: Git operations (branching/commits), local file system write access (OpenSpec directory), and Jira API operations (issue transitions and comments).
  - Sanitization: No specific sanitization or filtering logic is prescribed for the data retrieved from external Jira tickets.