use-jira-cli

Pass

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: SAFE [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands using the jira CLI tool to manage project tasks. It appropriately mandates the use of non-interactive flags such as --plain, --raw, and --no-input to ensure the agent does not hang waiting for user input.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it ingests untrusted data from an external source.
      • Ingestion points: Data from Jira issues, including summaries, descriptions, and comments, is pulled into the agent's context via commands like jira issue view and jira issue list.
      • Boundary markers: The skill lacks explicit delimiters or instructions for the agent to ignore or isolate instructions found within the retrieved Jira data.
      • Capability inventory: The agent has the capability to perform write operations in Jira (creating issues, editing content, adding comments, and transitioning statuses) based on the processed data.
      • Sanitization: No sanitization or validation steps are defined to filter malicious payloads or instructions embedded in the issue metadata or body.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 27, 2026, 02:14 PM