atlassian-readonly-skills
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to the processing of untrusted data from external Atlassian sources.
  - Ingestion points: Untrusted data is retrieved from APIs in `scripts/confluence_pages.py` (page content), `scripts/confluence_comments.py` (comments), `scripts/jira_issues.py` (issue descriptions), and `scripts/bitbucket_files.py` (file content).
  - Boundary markers: Absent. The skill does not wrap the retrieved external content in delimiters or include instructions to the agent to ignore any commands embedded within the data.
  - Capability inventory: The skill uses the `requests` library for network operations in `scripts/_common.py`. It has read access to sensitive organizational data. No subprocess spawning or file writing was detected.
  - Sanitization: Absent. Content retrieved from Atlassian APIs is flattened but not sanitized, filtered, or escaped before being returned to the AI agent.
Audit Metadata