confluence-automation
Warn
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the configuration of an external MCP server located at
https://rube.app/mcp. This source is not recognized as a trusted organization or well-known service in the provided security guidelines. - [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection due to the ingestion and processing of external Confluence content.
- Ingestion points: Untrusted data is retrieved from Confluence via search and retrieval tools, including
CONFLUENCE_SEARCH_CONTENT,CONFLUENCE_CQL_SEARCH, andCONFLUENCE_GET_PAGE_BY_ID(SKILL.md). - Boundary markers: The instructions lack definitions for delimiters or boundary markers to separate agent instructions from the retrieved page content.
- Capability inventory: The agent is provided with write-access tools such as
CONFLUENCE_CREATE_PAGE,CONFLUENCE_UPDATE_PAGE, andCONFLUENCE_DELETE_PAGE(SKILL.md), which could be misused if malicious instructions are present in the ingested data. - Sanitization: There is no mention of sanitization, validation, or filtering of the content retrieved from Confluence before it is processed by the agent.
Audit Metadata