jirac Plugin

Security checks across malware telemetry and agentic risk

Overview

This Jira helper is purpose-aligned, but it gives the agent broad authority to change, delete, bulk-edit, and upload data to Jira with incomplete confirmation guidance.

Install only if you are comfortable letting the agent operate Jira through your jirac permissions. Before using it, require the agent to show exact issue keys, JQL, file paths, comment text, and planned changes before any write, delete, archive, upload, or bulk operation, and avoid force/no-confirmation modes unless you have reviewed the target set yourself.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (11)

Missing User Warnings

Medium severity, 97% confidence
This skill explicitly supports raw Jira REST operations including POST, PUT, PATCH, and DELETE against arbitrary endpoints, but the description and instructions provide no warning that it can modify or permanently delete data. That omission increases the risk of accidental destructive use, especially because the skill encourages direct execution of user-specified requests and endpoint mapping without any confirmation or safety framing.

Missing User Warnings

Medium severity, 93% confidence
The skill directs the agent to upload an arbitrary local file to Jira, which sends local data to an external service, but it does not require an explicit user confirmation, destination warning, or review of attachment contents. This creates a real risk of unintended exfiltration of sensitive local files, especially if the user request is ambiguous or the file path points to logs, configs, or other confidential material.

Vague Triggers

Medium severity, 88% confidence
The invocation examples encourage broad natural-language requests like 'create a task and close two other issues in one go' without requiring explicit scoping, confirmation, or validation of which issues will be modified. In a batch Jira skill that supports transition and archive operations, this can cause unintended multi-issue changes from ambiguous user input, especially if an agent over-interprets 'this list' or infers targets from surrounding context.

Missing User Warnings

Medium severity, 94% confidence
The skill enables destructive or irreversible Jira actions such as archive and workflow transitions but provides no warning, confirmation step, or safety guidance to the user. In batch mode, a single manifest can affect many issues at once, so the omission of cautionary controls materially increases the chance of accidental mass changes, loss of data visibility, or workflow disruption.

Missing User Warnings

Medium severity, 92% confidence
The skill instructs the agent to perform a bulk state-changing Jira operation and explicitly supports a forced no-confirmation mode, but it does not require a safety warning, dry-run, or explicit user re-confirmation before executing. In an agent context, this increases the chance of accidental mass workflow changes caused by ambiguous natural-language requests or overly broad JQL, affecting many issues at once.

Missing User Warnings

Medium severity, 91% confidence
This skill instructs the agent to perform bulk modifications across multiple Jira issues without requiring an explicit safety warning or confirmation step by default. Because the operation can change many records at once, a vague or inferred JQL query could cause unintended mass reassignment or reprioritization, leading to workflow disruption and difficult rollback.

Missing User Warnings

Medium severity, 95% confidence
This skill instructs the agent to perform a state-changing Jira operation against a remote system while providing only a brief intent confirmation and no explicit safety guardrails about destructive side effects, authorization, or rollback limitations. Changing issue types can drop or invalidate fields, alter workflows/screens, and cause unintended modifications to production project data, so understated warnings increase the risk of accidental harmful actions.

Missing User Warnings

Medium severity, 95% confidence
The skill documents and operationalizes a destructive `--move` option that deletes the original issue after cloning, but it does not require an explicit confirmation or a strong warning before performing that action. In an agent setting, ambiguous user phrasing like 'move' or misparsed parameters could cause irreversible deletion of the source issue, leading to data loss or workflow disruption.

Missing User Warnings

Medium severity, 92% confidence
The skill instructs the agent to post Jira comments directly once it extracts an issue key and comment body, but it does not require an explicit user confirmation immediately before performing the write action. Because commenting modifies an external system and may publish sensitive, incorrect, or unintended content to collaborators, a missing confirmation step can lead to accidental data disclosure or unauthorized workflow changes.

Missing User Warnings

Medium severity, 90% confidence
The skill instructs the agent to change Jira issue workflow state directly, but it does not warn that this is a state-changing action or require explicit user confirmation before executing it. In an agent setting, ambiguous or loosely phrased requests could cause unintended transitions, altering project tracking data and potentially triggering downstream automation, notifications, or approvals.

Missing User Warnings

Medium severity, 93% confidence
The skill instructs the agent to execute a destructive worklog deletion command directly after extracting an issue key and worklog ID, with no confirmation, preview, or warning. In an agent setting, ambiguous user input, mis-parsing, or prompt injection through surrounding conversation could cause unintended deletion of Jira time-tracking records, which may affect auditability and billing accuracy.

VirusTotal

64/64 vendors flagged this plugin as clean.