jenkins
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were detected. The skill uses standard methods for CI/CD automation.
- [COMMAND_EXECUTION]: The skill utilizes curl commands to interact with the Jenkins Remote Access API. This is the standard and intended method for the skill's purpose.
- [CREDENTIALS_UNSAFE]: Authentication is handled via environment variables (JENKINS_USER, JENKINS_TOKEN), which is a secure practice to avoid hardcoding sensitive data.
- [PROMPT_INJECTION]: The skill processes data from external Jenkins API responses, which is an inherent risk for indirect prompt injection common to tools fetching external content. 1. Ingestion points: Data is retrieved from the Jenkins instance via curl API calls in SKILL.md. 2. Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the provided examples. 3. Capability inventory: The skill performs network operations via curl to the user-defined Jenkins server. 4. Sanitization: No specific sanitization or validation of the API output is described in the provided snippets.
Audit Metadata