atlassian-cli
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the execution of the `acli` command-line utility to perform various operations on Atlassian products, including Jira and Confluence. These operations include viewing, searching, creating, editing, and deleting work items.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from external sources such as Jira ticket summaries, descriptions, and comments. An attacker with access to the Jira instance could inject malicious instructions into these fields to manipulate the agent's behavior during data retrieval.
  - Ingestion points: Commands such as `acli jira workitem view`, `acli jira workitem search`, and `acli confluence space view` in `SKILL.md` bring external content into the agent context.
  - Boundary markers: Absent. The skill does not define specific delimiters or provide instructions to the agent to disregard potential commands found within the retrieved data.
  - Capability inventory: The skill includes high-privilege operations such as `acli jira workitem edit`, `acli jira workitem delete`, and `acli jira workitem transition`, which could be exploited if the agent follows instructions embedded in the ticket data.
  - Sanitization: Absent. There are no mentions of validation, escaping, or filtering for the content retrieved from Jira or Confluence.
Audit Metadata