work
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands (
git worktree add) using arguments derived from external Jira ticket data. The skill includes explicit instructions for sanitizing these inputs (e.g., regex-based key extraction and slugification of issue summaries), which reduces the risk of direct command injection. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It retrieves data from external Atlassian sources (Jira issues and Confluence pages) and incorporates this content into the agent's context for subsequent planning and implementation tasks. There are no boundary markers or sanitization steps specified for issue descriptions or page content. Ingestion points: Jira summaries, descriptions, and Confluence page content. Boundary markers: Not present. Capability inventory: Git worktree management, directory navigation, and autonomous planning. Sanitization: Applied to branch names, but not to the core content used for implementation planning.
Audit Metadata