confluence-dc
Fail
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: HIGH (CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill performs invasive credential discovery across the local filesystem. The `scripts/confluence_auth.py` and `scripts/confluence_api.py` files are designed to read sensitive configuration files belonging to various AI IDEs and extensions, including Claude Desktop, Cursor, Windsurf, Antigravity, and VS Code extensions like Cline and Roo-Cline, to extract Confluence Personal Access Tokens.
- [CREDENTIALS_UNSAFE]: The utility script `scripts/confluence_api.py` includes a `discover-pat` command that outputs discovered Personal Access Tokens (PATs) in plain text directly to the console output (stdout), which could expose them in logs or to other local processes.
- [COMMAND_EXECUTION]: The Mermaid diagram rendering functionality in `scripts/render_mermaid.py` and `scripts/mermaid_renderer.py` executes the external `mmdc` command-line utility via `subprocess.run` to process generated diagram files.
- [PROMPT_INJECTION]: The skill processes untrusted content from Confluence and Markdown files, creating an indirect prompt injection surface. Ingestion occurs during page downloads (HTML/Storage format) and uploads (Markdown), with no explicit boundary markers or validation logic to prevent embedded instructions from influencing the agent's behavior.
- [SAFE]: Disabling SSL certificate verification (`ssl.CERT_NONE` and `verify=False`) is implemented in `scripts/confluence_api.py` and `scripts/download_confluence.py`. While a security best-practice violation, this is a common requirement for interacting with internal enterprise Data Center instances on private networks.
Recommendations
- AI detected serious security threats
Audit Metadata