atlassian
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it retrieves and processes content from external Atlassian sources.
  - Ingestion points: Fetches issue summaries, descriptions, and comments from Jira, and page content from Confluence.
  - Boundary markers: No isolation delimiters or instructions are used to prevent the agent from obeying instructions embedded in retrieved data.
  - Capability inventory: The skill includes the ability to create, update, and delete Jira issues and Confluence pages.
  - Sanitization: Data retrieved from the Atlassian API is not sanitized before being presented to the agent.
- [COMMAND_EXECUTION]: Shell commands such as `curl` and `jq` are used correctly to facilitate API requests and response parsing.
- [CREDENTIALS_UNSAFE]: Sensitive information is properly managed through environment variables and the `vm0_secrets` manifest, avoiding hardcoded credentials.
- [DATA_EXFILTRATION]: Network traffic is directed exclusively to official Atlassian Cloud domains (`atlassian.net`), which are recognized as well-known and trusted services for this integration.
Audit Metadata