AGENT LAB: SKILLS

confluence

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • CREDENTIALS_UNSAFE (HIGH): The scripts/confluence_auth.py script programmatically searches for sensitive credential files. It reads the global MCP configuration at ~/.config/mcp/.mcp.json and walks up directory trees to find .env, .env.confluence, .env.jira, and .env.atlassian files. This behavior constitutes a data exposure risk for credentials.
  • COMMAND_EXECUTION (MEDIUM): The skill uses subprocess.run to execute the mmdc (Mermaid CLI) binary. While intended for rendering diagrams, it processes markdown content which could be crafted to exploit the external binary.
  • PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection because it ingests and processes untrusted data from Confluence pages.
      1. Ingestion points: confluence_get_page MCP tool and download_confluence.py utility.
      2. Boundary markers: None (no delimiters or 'ignore' instructions are added to the ingested content).
      3. Capability inventory: Subprocess execution (mmdc), file writing, and Confluence page modification/deletion.
      4. Sanitization: None (content is converted but not filtered for malicious instructions).
  • EXTERNAL_DOWNLOADS (LOW): The skill relies on multiple third-party Python libraries and encourages the installation of external binaries (mermaid-cli, mark) from untrusted npm and brew repositories.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 05:08 PM