skills/swaroopsm/skills/jira-start/Gen Agent Trust Hub

jira-start

Pass

Audited by Gen Agent Trust Hub on Jul 10, 2026

Risk Level: SAFE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from an external source (JIRA ticket summaries and descriptions) to generate git branch names.
  • Ingestion points: Fetches ticket data via JIRA MCP tools (SKILL.md, Step 2).
  • Boundary markers: None provided for external data content.
  • Capability inventory: Performs git branch operations (git switch, git branch) and JIRA state changes (transition, assign).
  • Sanitization: Instructions require the agent to transform the ticket title into a 'kebab-case slug', which serves as a natural sanitization step for shell-safe strings.
  • [COMMAND_EXECUTION]: The skill uses local git tools and JIRA API tools to modify state. It includes a mandatory 'Step 7 — Confirm before acting' phase where a human must review and approve the planned actions via the AskUserQuestion tool before any changes are executed.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 10, 2026, 12:10 PM
Security Audit — agent-trust-hub — jira-start