jirac

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Jira management helper, but it can make real Jira changes if used with an authenticated account.

Install only if you intend to let an agent operate Jira through your authenticated jirac setup. Use a least-privilege Jira account when possible, preview JQL scopes with read-only list commands before bulk or archive operations, and require explicit confirmation before running force, delete, move, archive, attachment, or bulk-change commands.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: This markdown file includes ready-to-run bulk-transition, bulk-update with --force, bulk-comment, and archive commands that can modify many Jira issues at once. While the examples are labeled, the document does not warn users about the risk of mass changes or archiving affecting project data, which is required for markdown when behaviors could affect user data or system integrity.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal