Security Audit
atlassian-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
atlassian-automation received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 3 high, 0 medium, and 0 low severity. Key findings include: "User input passed directly to tool arguments without explicit sanitization"; "`RUBE_REMOTE_WORKBENCH` suggests arbitrary code execution or broad, unconstrained operations"; and "Skill grants broad access to sensitive Atlassian data and operations".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **User input passed directly to tool arguments without explicit sanitization.** The skill instructs the LLM to pass user-defined 'use_case' to `RUBE_SEARCH_TOOLS` and potentially user-defined arguments to `RUBE_MULTI_EXECUTE_TOOL`. Specifically, the example `queries: [{use_case: "your specific Atlassian task"}]` implies that a user-provided string will be used directly. If these inputs are not properly sanitized or validated by the Rube MCP system, a malicious user could craft inputs to manipulate the tool's behavior, influence search results, or inject malicious data into underlying Atlassian API calls. This is a common vector for prompt injection into downstream systems. Implement robust input validation and sanitization for all user-provided arguments passed to Rube MCP tools. Ensure that the Rube MCP system itself has strong defenses against injection attacks in its `use_case` and argument processing. Consider restricting the complexity or content of user-provided `use_case` strings and arguments to minimize injection surface. | LLM | SKILL.md:40 |
| HIGH | **`RUBE_REMOTE_WORKBENCH` suggests arbitrary code execution or broad, unconstrained operations.** The skill mentions `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for 'Bulk ops'. The term 'workbench' often implies an environment capable of executing arbitrary code or complex scripts, potentially bypassing structured API calls. If `run_composio_tool()` allows for execution of unconstrained code or scripts, it represents a severe command injection vulnerability and grants excessive permissions to the LLM. This could allow a compromised LLM to perform highly destructive actions, exfiltrate data, or execute arbitrary commands within the Composio/Atlassian environment, potentially without the granular controls of `RUBE_MULTI_EXECUTE_TOOL`. Clarify and strictly restrict the capabilities of `RUBE_REMOTE_WORKBENCH`. If it allows arbitrary code execution, it should be removed or heavily sandboxed with strict allow-listing of operations. If it's intended for structured bulk operations, ensure it has robust input validation, strict permission controls, and clear documentation of its limitations. Provide specific examples of its safe usage and limitations to prevent misuse. | LLM | SKILL.md:80 |
| HIGH | **Skill grants broad access to sensitive Atlassian data and operations.** The skill's primary purpose is to 'Automate Atlassian operations' via `RUBE_MULTI_EXECUTE_TOOL` and `RUBE_REMOTE_WORKBENCH`. Atlassian instances typically contain highly sensitive organizational data (e.g., project details, user information, code repositories, internal documents). While the skill itself doesn't exfiltrate data, it grants the LLM the *capability* to access, modify, and potentially retrieve this sensitive data across a wide range of Atlassian services. If the LLM is compromised (e.g., via prompt injection), it could be instructed to exfiltrate, manipulate, or delete critical business information, leading to significant data breaches or operational disruption. Implement strict access controls and the principle of least privilege for the Atlassian connection used by Composio. Ensure that the LLM's access is limited to only the necessary Atlassian operations and data required for its intended function. Regularly audit and monitor LLM interactions with Atlassian for unusual activity. Consider implementing human approval steps or additional verification for sensitive operations performed through the skill. | LLM | SKILL.md:10 |