confluence-browser-fetch

Warn

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: MEDIUM
DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION]: The script may transmit sensitive session cookies to non-Atlassian domains.
      • In scripts/confluence-browser-fetch.js, the resolveInputToPageId function accepts a URL as input and performs a fetch request to it, including the Atlassian session Cookie header without verifying the destination domain.
      • The downloadAttachments function in the same file follows absolute URLs found in the _links.download metadata returned by the Confluence API and includes the Cookie header in those requests, which could lead to cookie theft if the API returns a malicious URL.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection vulnerability surface.
      • Ingestion points: Content is fetched from the Confluence REST API and from browser-rendered HTML in scripts/confluence-browser-fetch.js, then stored in the raw/confluence/ directory.
      • Boundary markers: Absent. The fetched content is saved raw, without delimiters or instructions to ignore embedded prompts.
      • Capability inventory: The skill performs file writes (fsp.writeFile) and network requests (fetch).
      • Sanitization: Filenames are sanitized for path safety using slugify and safeName in scripts/lib.js, but the page content remains unsanitized.
  • [EXTERNAL_DOWNLOADS]: The script downloads page data and attachments from Atlassian Cloud domains as part of its core functionality.
  • [COMMAND_EXECUTION]: The Node.js script executes filesystem management operations and network requests.
  • [SAFE]: The skill correctly uses slugify and safeName in scripts/lib.js to prevent path traversal vulnerabilities when creating directories and files based on external metadata.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 8, 2026, 08:23 PM