Trust Assessment
mcp-atlassian received a trust score of 67/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include Command Injection via Environment Variable Expansion, Unpinned Docker Image Tag, Reliance on Untrusted Third-Party Docker Image.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Command Injection via Environment Variable Expansion The `run_mcp_atlassian.sh` script and the `SKILL.md` quick start guide are vulnerable to command injection. If environment variables like `JIRA_URL`, `JIRA_USERNAME`, or `JIRA_API_TOKEN` contain shell command substitutions (e.g., `$(command)` or `` `command` ``), the shell executing the script will expand and run these commands before passing the values to the Docker container. This allows an attacker to execute arbitrary commands on the host system if they can control these environment variables. Sanitize or validate environment variable inputs to prevent command substitution. For shell scripts, consider using `env` to pass variables directly to `docker run` without shell expansion, or explicitly escape potentially dangerous characters if direct user input is used to construct the command. Advise users to be cautious about the source of their environment variable values. | LLM | SKILL.md:20 | |
| HIGH | Unpinned Docker Image Tag The skill uses the `ghcr.io/sooperset/mcp-atlassian:latest` Docker image. Using the `:latest` tag means that the underlying image can change at any time without explicit action from the user. This introduces a significant supply chain risk, as a malicious or vulnerable update to the `latest` image could be pulled and executed, potentially leading to compromise of credentials or the host system. Pin the Docker image to a specific, immutable digest (e.g., `ghcr.io/sooperset/mcp-atlassian@sha256:abcdef...`) or a specific version tag (e.g., `:1.2.3`) to ensure deterministic and reproducible builds and reduce the risk of unexpected changes. | LLM | SKILL.md:15 | |
| MEDIUM | Reliance on Untrusted Third-Party Docker Image The skill relies on a Docker image (`ghcr.io/sooperset/mcp-atlassian`) from a third-party source (`ghcr.io/sooperset`). The security posture, build process, and contents of this image are not directly controlled or audited by the skill provider. This introduces a supply chain risk, as a compromised or malicious image could lead to data exfiltration (especially of the provided Jira credentials), command injection within the container, or other security breaches. Conduct a thorough security audit of the Docker image's contents and build process. Consider building the image from source if available, or using a trusted, officially maintained image. Implement image scanning and vulnerability management for all third-party dependencies. | LLM | SKILL.md:15 |
Scan History
Embed Code
[](https://skillshield.io/report/07f40da0847388fc)
Powered by SkillShield