jira-automation
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it instructs the agent to ingest and act upon data from external Jira issues and comments.
  - Ingestion points: The agent retrieves potentially attacker-controlled content via JIRA_GET_ISSUE (descriptions) and JIRA_LIST_ISSUE_COMMENTS (comment bodies).
  - Boundary markers: No specific delimiters or "ignore previous instructions" warnings are provided to prevent the agent from obeying commands embedded in Jira issue data.
  - Capability inventory: The agent has significant write capabilities, including JIRA_CREATE_ISSUE, JIRA_EDIT_ISSUE, JIRA_ASSIGN_ISSUE, and project role management, which could be abused if an injection is successful.
  - Sanitization: There are no instructions for sanitizing or validating the content retrieved from Jira before processing.
- [EXTERNAL_DOWNLOADS]: The skill requires the configuration of an external MCP server endpoint at https://rube.app/mcp. This third-party service acts as a proxy for Jira operations and handles authentication via OAuth.
Audit Metadata