confluence

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes explicit examples and non-interactive commands that pass API tokens via --token flags and inline (and show literal token placeholders), which would require an agent to include secret values verbatim in generated commands or config, creating exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests user-generated Confluence content (e.g., via commands like confluence read, confluence search, confluence children, and confluence comments shown in SKILL.md workflows), so untrusted page/comments content could influence the agent's subsequent actions (create/update/delete) and enable indirect prompt injection.