jira-todo
Warn
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: MEDIUM
CREDENTIALS_UNSAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill reads the Jira CLI configuration file at ~/.config/.jira/.config.yml to extract project information. This file typically contains sensitive authentication tokens or API keys, and direct file access by the agent poses a risk of credential exposure.
- [PROMPT_INJECTION]: The skill processes Jira ticket summaries and descriptions to prioritize tasks, creating a surface for indirect prompt injection. Malicious instructions embedded in a ticket could attempt to influence the agent's decision-making or behavior.
  - Ingestion points: External ticket data retrieved via jira issue list.
  - Boundary markers: No delimiters or specific instructions are provided to the model to ignore potential injections within ticket content.
  - Capability inventory: The skill has the ability to execute shell commands and interact with the Jira CLI.
  - Sanitization: No content validation or sanitization is performed on the ingested ticket data.
- [COMMAND_EXECUTION]: The skill executes multiple shell commands, including cat, grep, and awk, as well as several jira CLI commands to manage and analyze project data.
Audit Metadata