circleci-automation
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the configuration of an external MCP server endpoint at https://rube.app/mcp. This is the primary infrastructure provided for the tools described and is essential for the skill's operation.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to the ingestion and processing of data from external CI/CD processes.\n
- Ingestion points: Untrusted data is retrieved from CircleCI through tools such as
CIRCLECI_GET_TEST_METADATA,CIRCLECI_GET_JOB_DETAILS, andCIRCLECI_GET_JOB_ARTIFACTSas defined in SKILL.md.\n - Boundary markers: The skill instructions do not provide delimiters or specific guidelines for the agent to ignore or isolate instructions embedded within the retrieved build outputs or test failure messages.\n
- Capability inventory: The agent has the capability to trigger further pipelines (
CIRCLECI_TRIGGER_PIPELINE) and manage project connections, which could be exploited if malicious instructions within CI data are inadvertently executed.\n - Sanitization: There is no documentation within the skill regarding the sanitization or validation of metadata received from the CircleCI API.
Audit Metadata