confluence-integration

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is designed with a defense-in-depth approach, implementing multiple validation layers and hardened execution environments across all scripts.
  • [COMMAND_EXECUTION]: All user-controllable inputs, such as CQL queries, page IDs, and search limits, are validated using strict regex patterns. The scripts use python3 to URL-encode parameters via stdin redirection, which effectively prevents shell injection and arbitrary command execution.
  • [DATA_EXFILTRATION]: Outbound network access is strictly restricted to the user-specified Confluence URL. The implementation uses hardened curl options, including explicit protocol enforcement (--proto =https), which prevents protocol downgrades and mitigates SSRF risks.
  • [CREDENTIALS_UNSAFE]: The skill handles credentials securely via .env files using a custom loader. This loader uses an allowlist to prevent arbitrary environment pollution and validates that secrets do not contain control characters that could be used for HTTP header injection.
  • [PROMPT_INJECTION]: The skill addresses potential indirect prompt injection from retrieved Confluence content through explicit system instructions.
      1. Ingestion points: Data enters via page content retrieval and search result scripts.
      2. Boundary markers: Data is returned in structured JSON format for the agent.
      3. Capability inventory: The skill is strictly limited to read-only REST API calls and lacks file-writing or generic shell execution capabilities.
      4. Sanitization: All inputs are sanitized via regex and URL-encoding.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 22, 2026, 08:00 AM