circleci-automation
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill possesses a vulnerability surface for indirect prompt injection by ingesting untrusted data from the CircleCI environment.
- Ingestion points: The tools CIRCLECI_GET_TEST_METADATA (retrieving test failure messages) and CIRCLECI_GET_JOB_ARTIFACTS (retrieving build output) ingest data that can be influenced by anyone with commit access to the repository.
- Boundary markers: Absent. There are no instructions for the agent to use delimiters or ignore instructions found within the test metadata or artifact content.
- Capability inventory: The skill has powerful capabilities, including triggering new pipelines via CIRCLECI_TRIGGER_PIPELINE and managing connections via RUBE_MANAGE_CONNECTIONS.
- Sanitization: No sanitization or validation of the retrieved metadata or artifact content is performed before it is presented to the agent.
Audit Metadata