mcp-atlassian
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: HIGH
CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (HIGH): The skill directs the user to pull and run an untrusted Docker image 'ghcr.io/sooperset/mcp-atlassian:latest' and execute a local bash script 'scripts/run_mcp_atlassian.sh'. Since 'sooperset' is not a trusted organization, this constitutes a risk of executing unverified remote code on the host machine.
- Data Exposure & Exfiltration (HIGH): The skill requires the user to pass highly sensitive credentials, specifically 'JIRA_API_TOKEN' and 'JIRA_USERNAME', into an untrusted container environment. This creates a direct path for credential exfiltration to a third party.
- Indirect Prompt Injection (LOW): The skill's primary function is to ingest data from Jira and Confluence, which are untrusted external sources.
  - Ingestion points: Jira issues and Confluence search results.
  - Boundary markers: Absent.
  - Capability inventory: Network access to Atlassian APIs, potential for file system interaction depending on the underlying Docker configuration.
  - Sanitization: Not documented in the skill instructions.
Recommendations
- AI detected serious security threats