confluence-update
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses a dedicated Chrome profile directory (defaulting to
~/.local/share/confluence-browser-fetch-chrome) to extract Atlassian session cookies. This sensitive information is used to authenticate requests to the Confluence REST API. While this is a high-privilege operation, it is a core part of the skill's documented functionality for handling SSO sessions. - [PROMPT_INJECTION]: The tool ingests content from local files and renders it into Confluence storage format, creating an indirect prompt injection surface. If the source files contain malicious instructions, they could be uploaded to Confluence and later affect other agents or users.
- Ingestion points: Content is read from the file path specified in the
--fileargument withinscripts/confluence-update.js. - Boundary markers: Absent. There are no delimiters or instructions provided to the agent to ignore potentially malicious content within the processed files.
- Capability inventory: The skill is capable of performing network write operations (PUT and POST) to Atlassian Cloud endpoints as seen in
scripts/confluence-update.js. - Sanitization: The
scripts/lib.jsfile providesescapeHtmlfor Markdown rendering, but the tool allows for the direct ingestion of raw Storage XHTML content without additional sanitization. - [EXTERNAL_DOWNLOADS]: The script
scripts/confluence-update.jsrequires a local module namedatlassian-browser.jswhich is not included in the provided file list. Additionally, the documentation inreferences/distribution.mdmentions the NPM package@aholbreich/agent-skills.
Audit Metadata