jira
Fail
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: HIGH (CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [CREDENTIALS_UNSAFE]: The 'Troubleshooting Auth' section in SKILL.md instructs the agent to locate and display JIRA_API_TOKEN values by reading files such as ~/.env.jira and ~/.config/.jira/.config.yml, exposing these secrets directly to the agent's context.
- [COMMAND_EXECUTION]: The skill directs the agent to perform a broad recursive search (grep -rl) for 'JIRA' across the user's entire ~/Code/ directory, which could lead to the unintended exposure of other sensitive configuration files.
- [DATA_EXFILTRATION]: By guiding the agent to find and output secrets into the session history, the skill facilitates the leakage of sensitive credentials to the platform provider's logs or any user with access to the session.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection when processing data from Jira issues.
  - (1) Ingestion points: scripts/jira_context.rb fetches descriptions and comments from external Jira tickets.
  - (2) Boundary markers: There are no delimiters or specific instructions to treat this content as untrusted data.
  - (3) Capability inventory: The skill has extensive permissions to modify Jira issues, transition statuses, and run shell/Ruby scripts.
  - (4) Sanitization: No validation or filtering is implemented to prevent malicious instructions within tickets from hijacking the agent.
Recommendations
- AI detected serious security threats