atlassian-usage
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides several examples of shell commands using the
atlCLI, such asatl jira search-jqlandatl confluence get-page, which process user-provided identifiers. - [PROMPT_INJECTION]: The skill defines a process for extracting Project Keys and Page IDs from untrusted URL strings and interpolating them into shell commands, creating an indirect prompt injection surface. Ingestion points: Identification and extraction of parameters from
*.atlassian.netURLs inSKILL.md. Boundary markers: None specified for the interpolation of extracted values into command-line arguments. Capability inventory: Subprocess execution via theatlCLI for searching, reading, and updating Atlassian content. Sanitization: The instructions do not advise the agent to validate or escape the extracted identifiers before their use in sensitive CLI operations.
Audit Metadata