jira-cli
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: Analysis of the skill instructions and reference documents indicates no malicious intent or security risks. The skill focuses on documented usage of the open-source jira-cli utility.
- [COMMAND_EXECUTION]: The skill includes extensive shell command examples and bash scripts for interacting with the Jira API. All commands are relevant to the skill's purpose and do not perform unauthorized system modifications.
- [EXTERNAL_DOWNLOADS]: Reference files include examples for downloading the jira-cli binary from its official GitHub repository (github.com/ankitpokhrel/jira-cli) for use in CI/CD environments. This follows standard and trusted installation practices.
- [CREDENTIALS_UNSAFE]: The documentation correctly promotes the use of environment variables and secrets (e.g., JIRA_API_TOKEN) for authentication, avoiding hardcoded credentials.
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface because it processes external Jira ticket data. (1) Ingestion points: jira issue list and jira issue view commands; (2) Boundary markers: Absent; (3) Capability inventory: jira-cli write/move operations and bash script execution; (4) Sanitization: Absent. This is considered safe as it is inherent to the primary function of a Jira management tool and no exploitable logic was identified.
Audit Metadata