confluence-to-nextjs
Fail
Audited by Snyk on Jun 19, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt includes and endorses embedding a personal Confluence API token directly in a curl command (basic auth "user:ATATT3x..."), which instructs the agent to handle and output secrets verbatim and thus creates a high exfiltration risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). Outsider-authored Confluence page body text is fetched at runtime via the Confluence REST API (
body-format=storage), then converted and ingested into the agent/LLM context as HTML-to-JSX content.
Issues (2)
W007
HIGHInsecure credential handling detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata