confluence-update

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and ingests Confluence page content via the Confluence REST endpoints (e.g., scripts/confluence-update.js -> getPage calls ${wikiBase}/rest/api/content/${pageId} and verifyConfluenceSession probes) and then reads/interprets that storage HTML to build payloads and decide replacements (replace-block/replace-text/replace-element), so untrusted user-generated page content can materially influence agent actions.