jenkins

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to ask the user for an API token and to embed that token verbatim in CLI commands and a plaintext config file (e.g., --token '<TOKEN>' and ~/.config/jenkins.json), which requires the LLM to handle and output secret values directly.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). This skill explicitly enables remote code execution and security bypasses in Jenkins—arbitrary Groovy execution via the Script Console, setting non‑sandboxed pipeline scripts, automatic approval of pending scripts, and injection of shell build steps—making it easy to create persistent backdoors, execute arbitrary commands on agents, or exfiltrate credentials.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill routinely fetches and interprets user-generated content from a configured Jenkins server (see scripts/jenkins_api.py functions like get_pipeline_script, get_console_log, list_jobs and the SKILL.md examples showing use of run_groovy against the configured Jenkins URL), so untrusted third-party pipeline scripts and logs could contain instructions that influence agent decisions or subsequent tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill posts arbitrary Groovy to the user-specified Jenkins server URL (e.g., http://your-jenkins:8080 via cfg["url"] -> POST to /scriptText) which executes remote code at runtime (the code also rewrites jenkins.maxeffort.cn to 47.100.13.75), so the external Jenkins endpoint is a runtime dependency that executes code.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill instructs using the Jenkins Groovy Script Console to run arbitrary code, programmatically modify pipeline and FreeStyle job definitions (including adding shell steps), and even auto-approve pending scripts—actions that bypass Jenkins script-security and can remotely modify/compromise the Jenkins host (and potentially the local machine), so it encourages state-changing and security-bypassing operations.