Manage Jira issues and Confluence wiki pages in Atlassian Cloud. Use when: (1) searching/creating/updating Jira issues with JQL, (2) searching/reading/creating Confluence pages with CQL, (3) managing Jira workflows, transitions, and comments, (4) browsing Confluence spaces and page hierarchies. Supports OAuth 2.1 via MCP server (recommended) or API token authentication (fallback).
76
—
Does it follow best practices?
Impact
—
No eval scenarios have been run
Advisory
Suggest reviewing before use
Security
2 findings — 2 medium severity. This skill can be installed but you should review these findings before use.
The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.
Third-party content exposure detected (high risk: 0.75). At runtime, the OAuth/MCP backend calls Atlassian MCP tools and ingests their returned `content` text into the agent context via `mcp_client.py` (`tools/call` → `_make_request` → `call_tool` extracts `text` fields and returns `combined`/parsed JSON), which is outsider-authored free text from a third-party service.
The skill fetches instructions or code from an external URL at runtime, and the fetched content directly controls the agent’s prompts or executes code. This dynamic dependency allows the external source to modify the agent’s behavior without any changes to the skill itself.
Potentially malicious external URL detected (high risk: 0.90). The skill makes runtime calls to Atlassian MCP endpoints (e.g. https://mcp.atlassian.com/v1/mcp and related URLs https://cf.mcp.atlassian.com/v1/register and https://cf.mcp.atlassian.com/v1/token) to register/authorize and invoke MCP tools on the server, which execute remote tooling and return JSON content the skill consumes, so external content is used at runtime to drive tool execution.
9731c77
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.