pp-jira
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION DATA_EXFILTRATION PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches a CLI utility from the npm registry and GitHub repositories associated with the author's toolset (@mvanhorn/printing-press and mvanhorn/printing-press-library).
- [COMMAND_EXECUTION]: Employs shell commands via the `jira-pp-cli` tool to perform Jira operations such as retrieving issues, managing project categories, and updating banners.
- [DATA_EXFILTRATION]: The CLI tool supports a `--deliver webhook:<url>` parameter which enables sending command results to an external endpoint, creating a potential path for data exfiltration.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it incorporates data from Jira without protective boundary markers or sanitization.
  - Ingestion points: Data is retrieved from external Jira sources through commands like `issue get`, `comment`, and `attachment get-content`.
  - Boundary markers: Absent; there are no instructions to delimit untrusted content.
  - Capability inventory: Uses the `Read Bash` tool to execute CLI logic.
  - Sanitization: Absent; the skill does not specify validation or filtering for data fetched from the Jira API.
Audit Metadata