Back to skill

Security audit

JIRA

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Jira automation skill whose shell, MCP, and credential use align with managing Jira tickets, with approval gates for write actions.

Install this only if you intend your agent to read and modify Jira data through the jira CLI or Atlassian MCP. Keep Jira API tokens in environment variables or the configured backend, avoid pasting tokens into chat, and review commands carefully before approving ticket creation, edits, transitions, comments, links, or bulk changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The reference expands beyond the MCP-only Jira skill boundary by instructing users to use the Jira CLI and raw REST API with credential-bearing shell commands. In an agent skill context, this increases the chance that users or downstream agents handle secrets unsafely, bypass intended tool controls, and perform actions outside the audited MCP interface.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger criteria are overly broad because they activate on generic terms like "issue," "ticket," "sprint," and "backlog," which commonly appear in non-Jira conversations. This can cause unintended skill activation and potentially route user requests into Jira-capable tooling, increasing the chance of accidental data access, issue modification flows, or confusing context switches in normal project-management discussions.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The documentation shows credential-based API usage with JIRA_USER and JIRA_API_TOKEN but does not warn about shell history, terminal logging, process inspection, or accidental disclosure in transcripts. In a skill consumed by agents, omission of those precautions can normalize unsafe secret handling and lead to credential leakage.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.