confluence
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is highly susceptible to indirect prompt injection.
- Ingestion points: It reads untrusted content from external Confluence pages via
confluence readandconfluence searchcommands. - Boundary markers: There are no boundary markers or instructions to isolate or ignore embedded commands within the processed data.
- Capability inventory: The skill possesses powerful write capabilities, including
confluence createandconfluence update, as well asconfluence exportfor data extraction. - Sanitization: No sanitization or validation of the ingested external content is performed.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill instructs the user to install a third-party package
confluence-clifrom npm. The repositorypchuri/confluence-cliis not within the trusted source scope, making the dependency unverifiable. - [DATA_EXFILTRATION] (MEDIUM): The skill provides capabilities to export entire Confluence pages and their attachments to the local filesystem (
confluence export), which could be used to facilitate unauthorized data removal if the agent is compromised by an injection.
Recommendations
- AI detected serious security threats
Audit Metadata