atlassian-mcp-server

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly describes fetching and summarizing Confluence pages and reading Confluence/Jira content (e.g., "Read the 'Feature Requests' Confluence page and create a Jira ticket for each item" and "Summarize the Q2 Planning page in DEV space"), so the agent ingests untrusted, user-generated third‑party content from Confluence/Jira which can directly drive tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill launches the remote MCP proxy (npx @modelcontextprotocol/mcp-remote) and uses the remote server endpoint https://mcp.atlassian.com/v1/mcp at runtime, which causes execution of fetched npm package code and hands control of agent tools/instructions to that external service.