044-planning-jira
Pass
Audited by Gen Agent Trust Hub on Jul 11, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill implements proactive defenses by treating all external Jira issue content as untrusted data and requiring human-in-the-loop sanitization before ingestion. It explicitly instructs the agent to ignore instructions embedded in issue summaries in both SKILL.md and references/044-planning-jira.md.
- [CREDENTIALS_UNSAFE]: Guidelines in the skill strictly prohibit the display or input of API tokens and secrets within the chat interface, directing users to use the CLI's native secure configuration prompts and OS-level credential stores.
- [EXTERNAL_DOWNLOADS]: Installation instructions leverage established and trusted package managers such as Homebrew and Chocolatey, or link directly to official Atlassian security settings for token management.
- [COMMAND_EXECUTION]: The workflow uses an interactive gate to verify the presence of the Jira CLI before execution, preventing unexpected shell errors or attempts to simulate behavior from missing tools.
Audit Metadata