atlassian
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, CREDENTIALS_UNSAFE, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted content from Jira issues and Confluence pages, creating a vulnerability surface for indirect prompt injection.
  - Ingestion points: Jira API responses processed via `curl` (SKILL.md) and Confluence HTML content fetched via `requests` (confluence-to-md.py).
  - Boundary markers: Absent; the skill does not use delimiters to separate ingested external data from agent instructions.
  - Capability inventory: The skill can execute system commands (`nix`, `curl`, `uvx`) and perform network operations/file writes (confluence-to-md.py).
  - Sanitization: Absent; while HTML is converted to Markdown, the text content is not sanitized for malicious instructions.
- [COMMAND_EXECUTION]: Executes external binaries and scripts using `nix run nixpkgs#acli` and `uvx`. It also utilizes `curl` for REST API interactions and `python3 -c` for inline data processing.
- [CREDENTIALS_UNSAFE]: Documentation recommends creating "classic API tokens (NOT scoped)", which grants broader permissions than necessary and increases the impact if the token is compromised.
- [DATA_EXFILTRATION]: Transmits user-provided `ATLASSIAN_API_TOKEN` and `ATLASSIAN_EMAIL` to the host specified in `ATLASSIAN_SITE` for authentication purposes.
Audit Metadata