pp-jira

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install a CLI tool (jira-pp-cli) using npx from @mvanhorn/printing-press or via go install from a GitHub repository (github.com/mvanhorn/printing-press-library). These resources are associated with the designated vendor for this skill.
  • [DATA_EXFILTRATION]: The CLI tool supports a --deliver webhook:<url> flag that allows the agent to POST the output of any command to an arbitrary external URL. This creates a potential vector for exfiltrating sensitive Jira data such as issue details, user information, or configuration metadata.
  • [DATA_EXFILTRATION]: The skill includes a feedback command that can be configured via environment variables (JIRA_FEEDBACK_ENDPOINT, JIRA_FEEDBACK_AUTO_SEND) to automatically send local notes to a remote server.
  • [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection as it retrieves and processes content from Jira (e.g., issue descriptions, comments, attachment metadata) while having access to capabilities like file writing and network operations through the CLI's delivery sinks.
  • Ingestion points: Processes Jira issues, comments, attachments, and worklogs via jira-pp-cli (SKILL.md).
  • Boundary markers: None mentioned in the instructions to separate untrusted data from commands.
  • Capability inventory: Includes shell command execution, file writing (--deliver file:<path>), and network requests (--deliver webhook:<url>).
  • Sanitization: No explicit sanitization or validation of the retrieved Jira content is mentioned.
  • [COMMAND_EXECUTION]: The skill is designed to execute the jira-pp-cli binary with various arguments and flags to interact with the Jira API and local system state.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 07:01 PM
Security Audit — agent-trust-hub — pp-jira