The Agent Skills Directory

[COMMAND_EXECUTION]: The skill relies on the Atlassian CLI (acli) for core functionality. Local Python scripts (scripts/setup.py and scripts/parse_issues.py) invoke this CLI via the subprocess module. The implementation uses list-based arguments rather than shell strings, which is a standard security practice to prevent command injection vulnerabilities.
[CREDENTIALS_UNSAFE]: Jira API tokens are managed via a local .jira-token file. The skill includes robust security guidance, such as recommending restricted file permissions (chmod 600) and explicitly instructing the AI agent not to read the credential content into the conversation context, using shell-level substitution instead.
[DATA_EXFILTRATION]: Network connectivity is directed exclusively toward established Atlassian Jira endpoints (redhat.atlassian.net and related GraphQL gateways). These operations are consistent with the skill's primary purpose and do not target unauthorized or suspicious external domains.
[SAFE]: Detailed analysis of all 35 files, including scripts and reference documentation, reveals no evidence of prompt injection, obfuscation, or persistence mechanisms. The skill maintains a consistent and transparent operational model.

rhdh-jira