atlassian
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
DATA_EXFILTRATION PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The `scripts/jira-attachment.ts` script allows reading arbitrary files from the local filesystem and uploading them to Atlassian Jira via the `jiraUploadAttachment` function in `scripts/lib/atlassian.ts`. This capability could be leveraged to exfiltrate sensitive local data if an attacker can influence the file path provided to the script.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection.
  - Ingestion points: Untrusted data is ingested from external Atlassian APIs in `scripts/jira-get.ts`, `scripts/jira-search.ts`, `scripts/confluence-get.ts`, and `scripts/confluence-search.ts`.
  - Boundary markers: The skill lacks boundary markers or explicit instructions to the agent to treat retrieved Jira issues or Confluence pages as untrusted content.
  - Capability inventory: The skill possesses file reading capabilities (`scripts/jira-attachment.ts`) and performs various authenticated write operations (POST/PUT) to Jira and Confluence, providing a path for automated actions based on malicious input.
  - Sanitization: No sanitization or validation of retrieved content is performed before the data is returned to the agent context.
Audit Metadata