circleci-automation

Warn

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires connecting to https://rube.app/mcp, which is an untrusted external domain not listed in the trusted repositories or organizations. This server manages tool schemas and CircleCI connections, acting as a critical but unverifiable dependency for sensitive CI/CD operations.
  • [PROMPT_INJECTION] (LOW): The skill presents an indirect prompt injection surface.
    1. Ingestion points: Data enters the agent context through tools like CIRCLECI_GET_TEST_METADATA and CIRCLECI_GET_JOB_ARTIFACTS.
    2. Boundary markers: Absent; there are no instructions or delimiters to prevent the agent from obeying malicious instructions embedded in test results or build artifacts.
    3. Capability inventory: The skill provides high-impact capabilities including triggering pipelines (CIRCLECI_TRIGGER_PIPELINE) and managing authentication.
    4. Sanitization: There is no evidence of data sanitization or content validation for the metadata or artifacts retrieved from CircleCI.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 20, 2026, 03:10 PM