buildgit
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious code, obfuscation, or persistence mechanisms were detected in the skill scripts or metadata.
- [SAFE]: The skill manages Jenkins authentication credentials (JENKINS_USER_ID, JENKINS_API_TOKEN) provided via environment variables. It transmits these via curl to a user-specified JENKINS_URL for authenticated API access, which is the documented and intended behavior of the tool.
- [PROMPT_INJECTION]: The skill provides an ingestion surface for indirect prompt injection by fetching and displaying external data from Jenkins build logs and test reports.
  - Ingestion points: scripts/lib/jenkins-common/api_test_results.sh (via curl requests for console text and test results).
  - Boundary markers: Absent. The data retrieved from Jenkins is displayed to the agent context without specific isolation delimiters.
  - Capability inventory: The skill utilizes git, curl, and jq to process and display CI/CD state and code information.
  - Sanitization: Basic sanitization is performed on stage console text in _get_stage_console_log_text to strip HTML tags and decode common entities.
Audit Metadata