mcp-atlassian

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs users to place Jira API tokens directly into command lines and environment variable assignments (e.g., docker run -e and JIRA_API_TOKEN=your_token bash ...), which requires the agent to handle or output secret values verbatim, creating exfiltration risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill instructs users to pull and run the remote Docker image ghcr.io/sooperset/mcp-atlassian:latest at runtime, which fetches and executes remote code (the container) that the skill depends on, so it is a runtime external dependency that can execute code.