confluence-jira
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides legitimate cross-product integration functionality as described in its documentation, using standard Confluence XHTML storage formats and REST APIs.
- [SAFE]: Credential management is handled through environment variables (JIRA_API_TOKEN, etc.) or explicit CLI flags, avoiding hardcoded secrets or unsafe storage practices.
- [PROMPT_INJECTION]: The
create-from-pagefunctionality represents an indirect prompt injection surface as it ingests data from Confluence pages to populate JIRA issues. - Ingestion points: Confluence page titles and body text read by the
create_jira_from_page.pyscript. - Boundary markers: None identified in the provided documentation.
- Capability inventory: REST API write access to JIRA for issue creation and read access to Confluence.
- Sanitization: The documentation does not specify explicit sanitization, though the data is mapped to descriptive fields (summary/description) rather than executable instructions.
Audit Metadata