confluence

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill enables interaction with Confluence by executing the confluence CLI tool through the Bash shell. This requires the agent to properly sanitize and quote all user-supplied inputs, such as page titles and search queries, to prevent potential shell command injection.
  • [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the confluence-cli package from the public NPM registry.
  • [CREDENTIALS_UNSAFE]: The skill manages sensitive Atlassian Confluence API tokens. It adheres to security best practices by recommending the use of environment variables and local configuration files instead of hardcoding secrets. It also promotes the use of scoped tokens and read-only profiles to maintain least privilege.
  • [PROMPT_INJECTION]: The skill allows the agent to read content from an external Confluence instance (via read, search, and comments). This creates an indirect prompt injection surface where untrusted content from the wiki could contain instructions intended to manipulate the agent's behavior.
      1. Ingestion points: Remote data is ingested through the read, search, info, and comments commands.
      2. Boundary markers: The skill does not define specific markers or instructions to isolate retrieved content from the agent's system prompt.
      3. Capability inventory: The agent has access to Bash for CLI execution and Write for file system operations (e.g., export and attachment-upload).
      4. Sanitization: No explicit content sanitization or validation of the remote Confluence data is documented.
Audit Metadata
Risk Level: SAFE
Analyzed: May 5, 2026, 06:58 AM