Trust Assessment
jira received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Shell Command Injection via Unsanitized User Input in CLI Backend.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on July 1, 2026 (commit a4d31ad1). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Shell Command Injection via Unsanitized User Input in CLI Backend The skill instructions direct the LLM to construct and execute shell commands using raw user-supplied inputs (such as issue keys, transition states, and comment text) within double quotes (e.g., `jira issue comment add ISSUE-KEY -b"Comment text"`). If a user provides input containing shell metacharacters, double quotes, or command substitutions (e.g., backticks or `$()`), it can escape the command context and execute arbitrary shell commands on the host system. Avoid executing raw shell strings. Instead, use an argument array (execve-style) where arguments are not parsed by a shell, or ensure strict validation and shell-escaping of all user-provided variables before executing them in a shell environment. Alternatively, prefer the MCP backend which does not rely on shell execution. | LLM | SKILL.md:33 |
Scan History
Embed Code
[](https://skillshield.io/report/155c9376cc5efbf4)
Powered by SkillShield