confluence
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONCREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: Scripts
scripts/confluence_api.pyandscripts/confluence_auth.pyperform aggressive discovery of authentication tokens by reading configuration files from multiple applications, including Cursor, Claude Desktop, Windsurf, and VS Code extensions like Cline and Roo. - [CREDENTIALS_UNSAFE]: Both
scripts/download_confluence.pyandscripts/confluence_api.pyexplicitly disable SSL certificate verification (verify=Falseandssl.CERT_NONE), which can expose sensitive Personal Access Tokens (PATs) to interception. - [COMMAND_EXECUTION]: The skill uses
subprocess.runinscripts/mermaid_renderer.pyandscripts/render_mermaid.pyto execute the externalmmdc(Mermaid CLI) tool for diagram rendering. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. 1. Ingestion points:
scripts/download_confluence.pyfetches untrusted page content via the Confluence API. 2. Boundary markers: No delimiters or safety instructions are used to wrap the downloaded content. 3. Capability inventory: The skill can execute shell commands and make network requests. 4. Sanitization: Downloaded content is not sanitized before being returned to the agent context.
Audit Metadata