address-ticket
Fail
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill explicitly requests sensitive Atlassian credentials (email and API token) via interactive prompts if they are not found in the execution environment.
- [DATA_EXFILTRATION]: The skill retrieves an Atlassian OAuth token and includes it in a
curlrequest to a URL obtained directly from untrusted JIRA ticket JSON. This allows an attacker to exfiltrate the token by providing a malicious URL in a ticket. Furthermore, the skill hardcodes a specific Atlassian tenant URL (tablecheck.atlassian.net) for GraphQL queries, which could lead to credentials being sent to an unintended organization's endpoint. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes untrusted data from JIRA tickets, comments, and attachments to define requirements and generate code that is subsequently executed.
- Ingestion points: JIRA ticket metadata, descriptions, custom fields, comments, attachment files, and Figma design metadata.
- Boundary markers: No protective delimiters or isolation instructions are provided to the sub-agents when processing this external data.
- Capability inventory: The skill possesses extensive capabilities including shell command execution (
acli,fcli,curl,git), repository file modification, and the ability to run arbitrary test suites. - Sanitization: No validation or sanitization is performed on the incoming ticket data or attachment content before it is processed by the agents.
Recommendations
- AI detected serious security threats
Audit Metadata