Skills
skills/sd0xdev/sd0x-dev-flow/jira/Gen Agent Trust Hub

jira

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data from Jira tickets.
  • Ingestion points: Jira issue summaries and descriptions are retrieved using getJiraIssue and searchJiraIssuesUsingJql.
  • Boundary markers: The skill lacks explicit delimiters or instructions to ignore commands that may be embedded in ticket data.
  • Capability inventory: The skill has access to Bash(git:*) and several tools for updating Jira issues.
  • Sanitization: While branch name generation includes character stripping, the raw ticket content is still part of the agent's context and could influence its behavior.
  • [COMMAND_EXECUTION]: The skill performs shell commands via the Bash(git:*) tool.
  • Evidence: Subcommands in SKILL.md and policies in references/branch-policy.md involve executing git checkout -b, git branch --list, and git ls-remote.
  • Mitigations: The skill implements sanitization for branch names, including character filtering for slugs and prefix validation against an allow-list. It also utilizes AskUserQuestion for confirming sensitive Jira updates.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 27, 2026, 01:12 AM