The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The installation instructions in the SKILL.md file recommend downloading and executing a script directly from a remote GitHub repository using a pipe to shell command (curl -sSfL https://raw.githubusercontent.com/jorgemuza/orbit/main/install.sh | sh). This allows for arbitrary code execution on the host system without prior verification of the script content.
[COMMAND_EXECUTION]: The skill uses the orbit CLI to interact with Jira. It constructs shell commands using various flags and arguments derived from user input or remote data (e.g., issue summaries, descriptions, and custom field values). If not properly sanitized by the CLI, this could lead to command injection.
[DATA_EXFILTRATION]: The skill provides commands to export entire Jira epic hierarchies to the local file system (jira export) and download attachments from tickets (jira issue download). These features facilitate the transfer of potentially sensitive organizational data from a managed cloud environment to local storage.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and processes untrusted content from Jira issues (comments and descriptions) and has access to destructive tools.
Ingestion points: Commands like jira issue view, jira issue list, and jira export ingest content from external Jira tickets into the agent's context.
Boundary markers: No explicit instructions or delimiters are provided to the agent to distinguish between its own instructions and the content retrieved from Jira.
Capability inventory: The skill includes commands that can modify or delete data, such as jira issue move, jira issue comment, and jira issue delete --cascade.
Sanitization: There is no mention of sanitizing or validating the content retrieved from Jira before it is processed by the agent.

jira