circleci-automation

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill instructions do not contain any malicious patterns, such as prompt injection, credential exfiltration, or obfuscated content. The author's use of a 'critical' risk label in the metadata appears to be a legitimate assessment of the high-impact nature of CI/CD automation rather than an indicator of malicious intent.
  • [EXTERNAL_DOWNLOADS]: The skill references an external service endpoint (https://rube.app/mcp) required for its operation. This is a configuration requirement for the Rube MCP tool described and does not involve the automated download or execution of untrusted scripts within the skill's own logic.
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest data from external CI/CD sources, such as job artifacts and test metadata. This creates an entry point for untrusted data into the agent's context. While this is a standard risk for automation tools that process external content, no unsafe interpolation or sanitization vulnerabilities were identified in the skill's design.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 02:56 PM