atlassian
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFE DATA_EXFILTRATION PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill implements tools that can read arbitrary files from the local filesystem and transmit them to external Atlassian sites.
  - Evidence: The `parseJsonArg` function in `scripts/lib/atlassian.ts` uses a `@` prefix convention to read content directly from a file path using `fs.readFileSync`.
  - Evidence: The `scripts/jira-attachment.ts` script allows the agent to upload any specified local file to a Jira issue.
  - Risk: While these are intended features for handling large inputs and attachments, they provide a vector for exfiltrating sensitive data if the agent is tricked via prompt injection.
- [PROMPT_INJECTION]: The skill processes content retrieved from Jira and Confluence, which may contain malicious instructions.
  - Ingestion points: Data is retrieved through `scripts/jira-get.ts`, `scripts/confluence-get.ts`, `scripts/jira-search.ts`, and `scripts/confluence-search.ts`.
  - Boundary markers: Retrieved content is not wrapped in markers to distinguish it from system instructions.
  - Capability inventory: The skill has the ability to read local files and perform write operations on external Atlassian platforms.
  - Sanitization: There is no evidence of sanitization or escaping of the retrieved content to mitigate instruction-following risks.
Audit Metadata