jira
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/extract_jira.pyexecutes the 1Password CLI (op) to retrieve authentication tokens and usernames. The command is invoked using a list of arguments rather than a shell string, which is a secure implementation that prevents command injection. - [EXTERNAL_DOWNLOADS]: The skill communicates with the Atlassian Cloud JIRA API (
mozilla-hub.atlassian.net). This is a well-known service and is the intended target for the skill's operations. - [PROMPT_INJECTION]: The skill processes untrusted data (issue descriptions and comments) from JIRA, creating a potential surface for indirect prompt injection.
- Ingestion points: JIRA issue data is fetched in the
fetch_all_storiesandlist_commentsfunctions inscripts/extract_jira.py. - Boundary markers: Absent; external content is returned to the agent without specific delimiters or warnings to ignore embedded instructions.
- Capability inventory: The skill has the ability to execute local commands (1Password CLI), perform network operations (JIRA API), and write extracted data to the local file system.
- Sanitization: The script extracts plain text from Atlassian Document Format (ADF) but does not include any safety-specific sanitization or filtering of the content for malicious instructions.
Audit Metadata