update-jira-ticket
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE | PROMPT_INJECTION | EXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the Atlassian CLI (`acli`) to function and provides instructions to install it from Atlassian's official Homebrew tap (`atlassian/acli`).
- [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection because it ingests untrusted data from external sources and possesses the capability to modify remote resources.
  - Ingestion points: The skill retrieves JIRA ticket details including summaries, descriptions, and comments via `acli jira workitem view`. It also reads Git commit history and file diffs using `git log` and `git diff`. These sources can contain attacker-controlled content intended to influence agent behavior.
  - Boundary markers: Absent. The instructions do not specify the use of delimiters or provide the agent with warnings to ignore instructions embedded within the fetched JIRA data or Git history.
  - Capability inventory: The skill has the authority to update JIRA ticket descriptions and post new comments using the `acli jira workitem edit` and `acli jira workitem comment create` commands.
  - Sanitization: The skill implements a significant safety measure by requiring explicit developer approval via a review step (`AskUserQuestion`) for all proposed updates before any modifications are committed to the JIRA API.
Audit Metadata