NYC

circleci-automation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill is highly vulnerable to indirect prompt injection due to its operational capabilities.
      * Ingestion points: Untrusted data enters via CIRCLECI_GET_TEST_METADATA (test messages) and CIRCLECI_GET_JOB_ARTIFACTS (file content).
      * Boundary markers: None are specified in the instructions to separate external data from system instructions.
      * Capability inventory: The skill can execute CIRCLECI_TRIGGER_PIPELINE, allowing an injection to trigger unauthorized builds.
      * Sanitization: No sanitization or validation of external data is mentioned.
  • [External Downloads] (MEDIUM): The skill requires the configuration of an external MCP server at https://rube.app/mcp. This domain is not a trusted source, meaning the agent's tool logic is provided by an unverified third party.
  • [Data Exfiltration] (LOW): The skill facilitates the retrieval of sensitive CI/CD artifacts and pipeline configurations, which could lead to organizational data exposure if the agent's context is compromised.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 10:04 AM