confluence
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION NO_CODE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes tasks by calling an external command-line tool named `af confluence`. This tool is used to perform operations such as searching, reading, and updating Confluence content.
- [CREDENTIALS_UNSAFE]: The skill requires Atlassian API credentials (`JIRA_API_TOKEN`, `JIRA_EMAIL`) to be stored in an environment file. While this is standard for CLI integrations, it involves handling sensitive authentication data.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes data from external Confluence pages and comments which could contain malicious instructions.
  - Ingestion points: Page content and comments are ingested via `af confluence get`, `af confluence search`, and `af confluence comments`.
  - Boundary markers: No specific boundary markers or 'ignore' instructions are provided to separate page content from agent instructions.
  - Capability inventory: The skill can execute CLI commands, read local files via `--body-file`, and upload attachments.
  - Sanitization: There is no evidence of sanitization or filtering of the content retrieved from Confluence.
- [NO_CODE]: The skill consists of documentation and instructions for an external CLI tool rather than providing its own executable code.
Audit Metadata