get-latest-ci
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADS
Full Analysis
- PROMPT_INJECTION (HIGH): The skill contains a significant Indirect Prompt Injection surface (Category 8). It ingests untrusted data from an external CI provider via the ci_information MCP tool, including fields like 'taskOutputSummary' and 'suggestedFixDescription', and renders them into the agent context without sanitization or boundary markers. (1) Ingestion: MCP tool output (2) Boundary markers: Absent (3) Capability: Git command execution and subagent spawning (4) Sanitization: None, instructions explicitly demand results 'as-is'.
- COMMAND_EXECUTION (MEDIUM): The skill uses shell commands (!git branch, !git rev-parse) to gather repository state for context. This capability provides a primitive for potential exploitation if the agent is compromised via the injection vector.
- CREDENTIALS_UNSAFE (MEDIUM): The skill explicitly targets and reads 'nxCloudAccessToken' from nx.json. Loading sensitive CI credentials into the agent's active memory context increases the risk of data theft or accidental exposure.
- EXTERNAL_DOWNLOADS (MEDIUM): The skill relies on an unverified external MCP tool (mcp__nx-mcp__ci_information) from a non-trusted source to perform its core function.
Recommendations
- AI detected serious security threats
Audit Metadata