atlassian-skills

Warn

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: MEDIUM
Categories: EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
  • Unverifiable Dependencies (MEDIUM): The skill relies on a missing internal module scripts/_common.py, which is imported by every functional script. This missing file contains the core logic for the Atlassian client, credential processing (AtlassianCredentials), and the actual execution of network requests. Without this code, it is impossible to verify if the skill securely handles API tokens or if it includes hidden data exfiltration logic.
  • Indirect Prompt Injection (LOW): The skill is designed to ingest and process large amounts of untrusted data from external sources, creating a significant vulnerability surface.
      • Ingestion points: scripts/confluence_pages.py (page content), scripts/jira_search.py (issue descriptions/fields), and scripts/bitbucket_files.py (source code content).
      • Boundary markers: None. Data retrieved from APIs is passed directly to the agent without delimiters or warnings to ignore embedded instructions.
      • Capability inventory: Extensive write permissions, including confluence_create_page, jira_transition_issue, jira_add_worklog, and confluence_add_comment.
      • Sanitization: No sanitization or validation of external content is performed before returning it to the agent context.
  • Data Exposure (LOW): The .env.example file contains references to a specific organization's infrastructure (https://jira.sil.org). While these are not active credentials, the inclusion of specific target URLs in a general skill template is a security best-practice violation that could lead to reconnaissance or misconfiguration.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 23, 2026, 06:39 AM