atlassian-setup
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Configures the environment by modifying the .mcp.json file to register the Atlassian MCP server and writing integration parameters to System/integrations/config.yaml.\n- [EXTERNAL_DOWNLOADS]: Utilizes npx to fetch and run the mcp-remote package to establish a connection with an official Atlassian endpoint at https://mcp.atlassian.com/v1/sse. These are well-known services.\n- [PROMPT_INJECTION]: Accesses Jira issues and Confluence pages, establishing a surface for indirect prompt injection from external data.\n
- Ingestion points: Jira sprint data, assigned tickets, and Confluence documents are read and processed (SKILL.md).\n
- Boundary markers: Not present; the skill instructions do not define specific delimiters to isolate external data within the context.\n
- Capability inventory: Execution of shell commands via npx, reading/writing local configuration files and tokens, and performing network operations to Atlassian APIs.\n
- Sanitization: Not present; external content is summarized and used for decision-making without explicit filtering or validation steps.
Audit Metadata