jenkins

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): Unsafe shell interpolation of user-provided parameters.
    • Evidence: In SKILL.md, the line sh "deploy.sh ${params.ENVIRONMENT}" demonstrates direct interpolation of a choice parameter into a shell string. If the parameter type is changed to a string, or if the Jenkins environment is manipulated, this allows arbitrary command injection.
  • [PRIVILEGE_ESCALATION] (HIGH): Insecure Kubernetes agent configuration.
    • Evidence: In SKILL.md, the Kubernetes Agent section includes a container spec with privileged: true. This grants the container root-level access to the host machine, bypassing container isolation.
  • [INDIRECT PROMPT INJECTION] (HIGH): Vulnerability to malicious inputs via pipeline parameters.
    • Ingestion points: parameters block (string, choice parameters) in SKILL.md.
    • Boundary markers: Absent. Parameter values are used directly in shell strings.
    • Capability inventory: Shell execution (sh), credential access (withCredentials), and container management.
    • Sanitization: Absent. No validation or escaping is shown for the ${params.ENVIRONMENT} variable before it is passed to the shell.
  • [DATA_EXPOSURE] (LOW): Handling of sensitive credentials.
    • Evidence: While using the standard credentials() helper, the skill demonstrates pushing to Git using credentials in the URL: sh 'git push https://${GH_USER}:${GH_TOKEN}@github.com/repo.git'. This can lead to sensitive tokens being logged in cleartext in build console outputs if not handled carefully by the CI environment.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 01:38 PM