Word Count for Confluence — Security Information

This document describes the security posture of Word Count for Confluence, the Atlassian Marketplace app. It is intended for security reviewers at customer organisations evaluating Word Count for Confluence for installation.


Platform

Word Count for Confluence is built entirely on Atlassian Forge, Atlassian's hosted application platform. Word Count for Confluence operates no third-party servers and runs no code outside Atlassian's network. No End-User Data is transmitted outside Atlassian's infrastructure.

What this means in practice


Permissions

Word Count for Confluence requests two read-only Atlassian scopes:

Scope Reason
read:page:confluence Read the body of the current page (ADF) so word/character/reading-time counts can be computed
read:content-details:confluence Read minimal content metadata where needed for context

That is the complete scope list. The app requests no write scopes, no administrative scopes, no user scopes, no storage scopes, no outbound network scopes, and no Confluence space-level scopes.

The app does not request external network egress. No host appears in permissions.external.fetch because the app never calls any external host.

Authentication

The app uses one authentication pattern, Forge asUser(), for fetching the page body.

Forge asUser() (read page body)

When a Confluence page is rendered, the app's resolver (or dynamicProperties handler) is invoked by Forge with the signed-in viewer's identity. The resolver calls requestConfluence(route\/wiki/api/v2/pages/${contentId}?body-format=atlas_doc_format`)withasUser()`, so Atlassian's identity platform authorises the read against the viewer's own page-read permissions. If the viewer cannot read the page, the call fails and the app surfaces an inline error inside the byline panel — the app cannot read pages the viewer themselves cannot read.

There are no other authentication paths. The app does not use asApp(), does not consume customer-supplied API keys, and does not store any credentials anywhere.

Secret handling

None. Word Count for Confluence stores no secrets, no API keys, no OAuth tokens, no client credentials, and no encryption keys. The app has no kvs.setSecret() calls, no @forge/kvs usage of any kind, and no settings panel to enter credentials.

There is nothing to rotate, revoke, or audit on the secrets side — because there are no secrets.

Account actions

None. Word Count for Confluence never writes to any account, page, group, or storage. It has no write scopes (see Permissions). It cannot delete, suspend, reclaim, or modify anything — including the user's own data, the page being viewed, or any other Confluence content.

The app's interaction with the Atlassian platform is exhaustively:

  1. Receive an invocation when a page is rendered
  2. Read the page body via asUser()
  3. Compute counts in memory
  4. Return counts to the byline UI

There is no fourth step. There is no audit log because there is no action to audit.

Counting logic and zero-egress guarantees

All word/character/reading-time/section computations are performed by pure TypeScript functions in src/lib/ running inside the Forge sandbox. These functions:

The lib/ functions are unit-tested with Vitest (55 tests, all passing). Forge I/O (page fetch, runtime context extraction) is isolated in src/resolvers/ and is itself the thinnest possible shell over requestConfluence. The "Exclude macros & embeds" toggle is processed entirely in-memory by lib/stripMarkup.ts; the macro content is never sent or stored regardless of the toggle's state.

There is no AI, no analytics, no telemetry, no error reporting service, and no third-party SDKs of any kind embedded in this app. The Marketplace security review for this app is intentionally trivial: there is nothing to review because nothing leaves the runtime.


Vulnerability reporting

Security vulnerabilities can be reported to security@taskhooker.com. We commit to acknowledging reports within 5 business days and disclosing patches via the Marketplace "What's new" section.

Word Count for Confluence is a solo-developer product. We do not currently operate a paid bug bounty programme.


Compliance

Word Count for Confluence inherits the security and compliance posture of the underlying Atlassian Forge platform. Atlassian Forge is certified under:

Word Count for Confluence itself does not have independent certifications. The app code is reviewed by Atlassian as part of the Marketplace listing approval process.


Audit & change history

For your records, every code change to Word Count for Confluence is reflected in the What's new section of the Marketplace listing for each version. The Marketplace partner portal also exposes a full version history for compliance audits.