skills/gclayburg/skills/buildgit/Gen Agent Trust Hub

buildgit

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill performs legitimate Jenkins CI/CD monitoring tasks using standard system utilities (bash, curl, jq). Authentication with the Jenkins server is handled securely through user-defined environment variables (JENKINS_URL, JENKINS_USER_ID, JENKINS_API_TOKEN).
  • [COMMAND_EXECUTION]: The main entry point script (scripts/buildgit) executes git commands and provides a passthrough for unrecognized arguments to the local git binary. This is a core documented feature of the tool.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it summarizes Jenkins build failure logs and test reports (scripts/lib/jenkins-common/failure_analysis.sh) and passes that data to the agent for failure reasoning. No malicious injection was found. The skill includes basic sanitization by stripping HTML tags from log output using perl.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 17, 2026, 05:39 AM