atlassian-admin

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Atlassian admin skill, but it can guide powerful account and access changes without strong confirmation safeguards.

Install only for authorized Atlassian administrators. Before using it for users, groups, SSO, marketplace apps, or permissions, require an approved ticket, verify the exact target identity/resource, preview the impact, prefer reversible deactivation over deletion, and document the action in audit logs.

SkillSpector

By NVIDIA

Vulnerability Patterns

Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (3)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger language is extremely broad and could cause this high-privilege admin skill to be selected for many ordinary requests involving users, permissions, apps, or governance. In an agentic environment, overbroad routing into an administrative skill increases the chance of unnecessary access to sensitive operations and accidental execution of privileged workflows.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The deprovisioning workflow includes destructive actions such as removing group membership, revoking access, and deactivating accounts without an explicit warning or confirmation gate about business impact. In practice, this can lead to accidental lockouts, loss of access to critical systems, service disruption, or improper offboarding if triggered on the wrong identity.

Tool Parameter Abuse

High

Category: Tool Misuse
Content: 3. Remove from all groups: `admin.atlassian.com > User management > [user] > Groups` 4. Revoke product access 5. Deactivate account: `admin.atlassian.com > User management > [user] > Deactivate` - REST API: `DELETE /rest/api/3/user?accountId={accountId}` 6. **VERIFY**: Confirm `GET /rest/api/3/user?accountId={accountId}` returns `"active": false` 7. Document deprovisioning in audit log 8. **USE**: Jira Expert to reassign any remaining issues
Confidence: 96% confidence
Finding: DELETE /rest/api/3/user?accountId={accountId}`

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal