pp-jira
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install a CLI tool (`jira-pp-cli`) using `npx` from `@mvanhorn/printing-press` or via `go install` from a GitHub repository (github.com/mvanhorn/printing-press-library). These resources are associated with the designated vendor for this skill.
- [DATA_EXFILTRATION]: The CLI tool supports a `--deliver webhook:<url>` flag that allows the agent to POST the output of any command to an arbitrary external URL. This creates a potential vector for exfiltrating sensitive Jira data such as issue details, user information, or configuration metadata.
- [DATA_EXFILTRATION]: The skill includes a `feedback` command that can be configured via environment variables (`JIRA_FEEDBACK_ENDPOINT`, `JIRA_FEEDBACK_AUTO_SEND`) to automatically send local notes to a remote server.
- [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection as it retrieves and processes content from Jira (e.g., issue descriptions, comments, attachment metadata) while having access to capabilities like file writing and network operations through the CLI's delivery sinks.
  - Ingestion points: Processes Jira issues, comments, attachments, and worklogs via `jira-pp-cli` (SKILL.md).
  - Boundary markers: None mentioned in the instructions to separate untrusted data from commands.
  - Capability inventory: Includes shell command execution, file writing (`--deliver file:<path>`), and network requests (`--deliver webhook:<url>`).
  - Sanitization: No explicit sanitization or validation of the retrieved Jira content is mentioned.
- [COMMAND_EXECUTION]: The skill is designed to execute the `jira-pp-cli` binary with various arguments and flags to interact with the Jira API and local system state.
Audit Metadata