confluence-cli
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill retrieves attachments from Confluence using urllib.request. Download URLs are constructed dynamically from the user-provided base URL and the relative paths returned by the Confluence API, ensuring that network operations remain within the scope of the intended service.
- [COMMAND_EXECUTION]: The script performs standard file system operations, including reading Markdown files to publish content and writing downloaded attachments to a local directory. These operations are governed by user-supplied paths and do not involve arbitrary shell command execution or unsafe code evaluation.
- [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by ingesting untrusted data from external Confluence pages. This is mitigated through the use of structured output (JSON and tables) and HTML sanitization during Markdown-to-Storage conversion, which helps prevent the agent from treating data content as instructions.
- [SAFE]: The skill follows security best practices by utilizing environment variables for authentication credentials (CONFLUENCE_API_TOKEN, CONFLUENCE_USERNAME) instead of hardcoding secrets. All dependencies, such as atlassian-python-api, typer, and pydantic, are established and well-known libraries.
Audit Metadata