circleci-automation
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by processing external build data.
- Ingestion points: The agent reads potentially untrusted data through tools like
CIRCLECI_GET_TEST_METADATAandCIRCLECI_GET_JOB_ARTIFACTSas described in the workflows. - Boundary markers: The skill instructions do not specify any delimiters or instructions to the agent to disregard commands or formatting embedded within the retrieved CircleCI data.
- Capability inventory: The skill has the capability to perform state-changing operations in the CI/CD environment, specifically via the
CIRCLECI_TRIGGER_PIPELINEtool. - Sanitization: There is no evidence of sanitization, filtering, or validation of the external content before it is processed by the agent.
Audit Metadata