confluence-automation
Warn
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires connecting to an external MCP server endpoint at
https://rube.app/mcp. This involves fetching tool definitions and executing logic hosted on a remote server that is not part of the established trusted vendor or well-known service lists. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the ingestion of external data from Confluence pages.
- Ingestion points: Data enters the agent context through tools like
CONFLUENCE_SEARCH_CONTENT,CONFLUENCE_GET_PAGE_BY_ID, andCONFLUENCE_CQL_SEARCHas specified inSKILL.md. - Boundary markers: No specific boundary markers or instructions to ignore embedded commands are implemented to protect the agent from malicious instructions within Confluence content.
- Capability inventory: The agent is granted significant permissions to modify the environment, including
CONFLUENCE_CREATE_PAGE,CONFLUENCE_UPDATE_PAGE, andCONFLUENCE_DELETE_PAGE(SKILL.md). - Sanitization: There is no evidence of sanitization or content validation for data retrieved from the remote source before it is processed by the agent.
Audit Metadata