Skills
skills/jeffallan/claude-skills/atlassian-mcp/Gen Agent Trust Hub

atlassian-mcp

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The documentation provides instructions for installing third-party MCP servers such as @sooperset/mcp-atlassian and atlassian-mcp from public registries like npm and PyPI.
  • [COMMAND_EXECUTION]: Configuration templates include shell commands (e.g., npx, uvx) for setting up the execution environment for MCP servers.
  • [DATA_EXFILTRATION]: Automated workflows described in references/common-workflows.md ingest data from external Jira issues and Confluence pages, creating a surface for indirect prompt injection where malicious content could attempt to influence the agent's logic during triage or documentation tasks.
  • Ingestion points: Issue details and page content are processed in references/common-workflows.md through jira_get_issue and confluence_get_page calls.
  • Boundary markers: The skill lacks explicit markers or instructions to isolate untrusted content from the system prompt's instructions.
  • Capability inventory: The skill includes capabilities to modify project data via jira_update_issue, jira_add_comment, and confluence_update_page.
  • Sanitization: While an escapeHtml utility is defined, it is only applied in specific formatting contexts rather than as a general sanitization layer for untrusted input.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 30, 2026, 01:10 AM