twg-confluence

Pass

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on a suite of specialized CLI tools (such as confluence content, confluence space, and confluence tree) to perform operations. These are vendor-provided tools for interacting with the Atlassian ecosystem.
  • [DATA_EXFILTRATION]: The instructions describe a workflow that involves reading content from remote Confluence instances and saving it to local files for processing (references/editing.md). This is a legitimate part of the editing lifecycle but involves data movement between the remote service and local storage.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from Confluence pages that could be modified by third parties.
  • Ingestion points: Data enters the agent via confluence content get and search commands (defined in references/content.md).
  • Boundary markers: No specific delimiters are defined to separate untrusted content from instructions.
  • Capability inventory: The agent has the ability to execute commands and write local files (SKILL.md).
  • Sanitization: No explicit sanitization of fetched content is described before the agent processes it.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 30, 2026, 09:03 AM
Security Audit — agent-trust-hub — twg-confluence