jenkins
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It retrieves data from external sources (Jenkins) that can be influenced by third parties, such as developers' commit messages, console output from build steps, and test failure descriptions. An attacker could embed malicious instructions in these fields to manipulate the agent's behavior when it processes this information.
- Ingestion points: Jenkins console output (`jenkins-console.sh`), test failure reports (`jenkins-test-failures.sh`), and commit messages (`jenkins-build-status.sh`, `jenkins-build-history.sh`).
- Boundary markers: The skill does not wrap the external Jenkins content in delimiters or provide explicit 'ignore instructions' warnings to the agent.
- Capability inventory: The skill allows the agent to trigger builds (`jenkins-trigger.sh`), abort running builds (`jenkins-abort.sh`), and execute arbitrary Jenkins API requests (`jenkins-api.sh`).
- Sanitization: External data is not sanitized or filtered for instructions before being presented to the agent.
- [COMMAND_EXECUTION]: The `jenkins-console.sh` script is vulnerable to argument injection. The `grep-pattern` argument is passed directly to the `grep` command without the `--` delimiter to signal the end of options or the `-e` flag to mark the argument as a pattern. This could allow an attacker to pass flags like `-f` followed by a local file path to read sensitive local files instead of searching the console log.
- [COMMAND_EXECUTION]: The skill includes a generic API tool (`jenkins-api.sh`) that provides a raw interface to the Jenkins REST API. While intended for flexibility, this tool increases the potential impact if the agent is compromised, as it could be used to perform any action permitted by the configured Jenkins credentials.
Audit Metadata