confluence-automation
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill documentation defines a workflow that ingests content from Confluence and uses it to perform write actions, creating a surface for indirect prompt injection.
- Ingestion points: The tools CONFLUENCE_GET_PAGE_BY_ID and CONFLUENCE_SEARCH_CONTENT in SKILL.md read data from an external environment.
- Boundary markers: The skill does not provide delimiters or instructions to ignore commands within ingested content.
- Capability inventory: The skill includes tools with significant side effects, such as CONFLUENCE_CREATE_PAGE, CONFLUENCE_UPDATE_PAGE, and CONFLUENCE_DELETE_PAGE.
- Sanitization: No content validation or escaping of the retrieved XHTML is specified.
- [EXTERNAL_DOWNLOADS]: The skill configuration refers to an external MCP server endpoint at https://rube.app/mcp for tool definitions and execution.
- [NO_CODE]: The skill consists entirely of documentation and does not include any executable scripts or binary files.
Audit Metadata