circleci-automation
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: The skill requires the user to configure an external MCP server endpoint (https://rube.app/mcp) provided by the vendor. This endpoint serves as the interface for the CircleCI automation toolset.
- [INDIRECT_PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it ingests untrusted data from external sources.
  - Ingestion points: The skill retrieves external data from CircleCI via tools such as CIRCLECI_GET_JOB_ARTIFACTS, CIRCLECI_GET_TEST_METADATA, and CIRCLECI_GET_PIPELINE_CONFIG.
  - Boundary markers: No delimiters or explicit instructions are provided to the agent to disregard instructions potentially embedded within the retrieved artifacts or metadata.
  - Capability inventory: The skill grants the agent the ability to trigger state-changing operations, including starting new CI/CD pipelines through CIRCLECI_TRIGGER_PIPELINE.
  - Sanitization: There is no evidence of sanitization, filtering, or validation of the data retrieved from CircleCI before it is processed by the agent.
Audit Metadata