acli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly runs acli commands that fetch and parse user-generated Atlassian content (e.g., "acli jira workitem view/search --json" and "acli confluence page view" shown in SKILL.md and references/*), and those results are used to drive actions (transitions, edits, bulk operations), so untrusted third‑party content could indirectly inject instructions that influence tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill includes CI/install runtime commands that download and install a remote executable (e.g. curl -LO "https://acli.atlassian.com/linux/1.3.18/acli_linux_amd64/acli" and similar pinned/versioned URLs), which fetches and executes remote code and the skill relies on that binary as a required dependency.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.70). The skill includes examples that write completion files into system locations (e.g., /etc/bash_completion.d/acli and zsh fpath), which are system files that typically require elevated privileges to modify, so it is prompting actions that alter machine state though it does not explicitly call for sudo or create users.