confluence-automation
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONNO_CODE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to add the external MCP server at https://rube.app/mcp. This is an expected reference to the Rube service provider (Composio) for Confluence integration.\n- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes content from external Confluence environments.\n
- Ingestion points: Untrusted data enters the agent context through tools such as CONFLUENCE_GET_PAGE_BY_ID, CONFLUENCE_SEARCH_CONTENT, and CONFLUENCE_CQL_SEARCH as described in SKILL.md.\n
- Boundary markers: The instructions do not define delimiters or explicit warnings for the agent to ignore embedded instructions within retrieved page content.\n
- Capability inventory: The skill possesses significant capabilities to modify the environment, including CONFLUENCE_CREATE_PAGE, CONFLUENCE_UPDATE_PAGE, and CONFLUENCE_DELETE_PAGE.\n
- Sanitization: There is no mention of sanitization or validation of the retrieved content before it is used in the agent's reasoning loop.\n- [NO_CODE]: No executable code or scripts are distributed with the skill; it consists entirely of markdown instructions for utilizing external MCP tools.
Audit Metadata