Confluence

Security checks across malware telemetry and agentic risk

Overview

The skill matches its Confluence purpose, but it gives an agent authenticated write, delete, and raw API access without clear confirmation safeguards.

Install only if you trust Membrane and are comfortable routing Confluence access through it. Use a least-privileged Confluence account or OAuth connection, review the consent screen carefully, and require the agent to confirm exact page, blog, or space IDs before any create, update, delete, or raw proxy request.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium, 91% confidence

Finding: The skill advertises destructive actions such as deleting pages and blog posts without requiring confirmation or warning about irreversible changes. In an agentic setting, this increases the chance that a loosely interpreted user request or prompt injection leads to unintended destructive operations against Confluence content.

Missing User Warnings

Medium, 89% confidence

Finding: The proxy-request section enables arbitrary direct API calls through an authenticated connection but does not warn that these requests may read, alter, or delete Confluence data beyond the curated action set. This broad capability expands the attack surface and can bypass safer, more structured actions if an agent follows untrusted instructions.

VirusTotal

64/64 vendors flagged this skill as clean.
