confluence-distill
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [DATA_EXFILTRATION]: The skill makes network requests to well-known services including Atlassian (atlassian.net) and Membrane (skills.sh) to retrieve page data. These operations are essential for the distillation workflow and use legitimate endpoints.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) due to its core function of ingesting untrusted content from external Confluence pages to generate new instructions. \n
- Ingestion points: Page bodies (body.storage/body.view) are retrieved from Confluence and processed in Step 3 of SKILL.md.\n
- Boundary markers: Absent. The instructions do not specify the use of delimiters or 'ignore' instructions to isolate the fetched external data from the agent's internal logic.\n
- Capability inventory: The skill possesses the ability to create new directories and files on the host system and perform network requests to read content.\n
- Sanitization: No sanitization or verification of the fetched content is required before it is used to write the root SKILL.md and reference files for the new package.
Audit Metadata