Oathe Security Badge

Is SpillwaveSolutions/mastering-confluence-agent-skill safe?

https://github.com/SpillwaveSolutions/mastering-confluence-agent-skill

87
SAFE

This appears to be a legitimate Confluence documentation management skill with comprehensive functionality for uploading, downloading, and converting documentation. The main security consideration is the presence of executable Python scripts that could potentially be misused if the skill were compromised, but the scripts appear purpose-built for Confluence operations.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 75/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 85/100 · 5%

Findings (3)

MEDIUM Executable Python Scripts Present -25

The skill contains multiple Python scripts in the scripts/ directory that could potentially be executed via the Bash tool. While the scripts appear legitimate for Confluence operations (upload, download, conversion), they represent executable code that could perform unintended actions.

LOW Credential Files Accessed During Monitoring -10

System monitoring detected access to sensitive credential files (.env, SSH keys, AWS credentials) during the audit period. However, these appear to be from system processes during SSH login rather than skill-initiated access, and no files were modified.

INFO Standard Git Clone Network Activity -5

Normal network connections to GitHub (140.82.121.4:443) for repository cloning. DNS lookups and git operations proceeded as expected for a legitimate repository installation.