jira-todo
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses `Bash(jira *)` to fetch issue lists, current user info, and ticket details from the Jira CLI. It also uses `Bash(git *)` to gather local development context such as branch names and recent commits.
- [COMMAND_EXECUTION]: Reads the local configuration file at `~/.config/.jira/.config.yml` to automatically detect the active project key. This is standard behavior for CLI-integrated tools.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface, as it processes untrusted data from Jira ticket fields (summaries, descriptions, comments) and feeds them into prompts for sub-agents.
  - Ingestion points: Jira API data retrieved via `jira issue list` in `SKILL.md` (Phase 2).
  - Boundary markers: Absent; ticket data is passed directly to analysis prompts in Phase 3.
  - Capability inventory: The skill can execute shell commands (`Bash`), read local files, and write to todo lists.
  - Sanitization: None; external content is processed as raw text for analysis.
Audit Metadata