jenkins-deploy

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses Python scripts (scripts/jenkins_deploy.py and scripts/run_tests.py) to interact with Jenkins APIs, manage build queues, and monitor execution status. These scripts are invoked via the command line with various parameters including JSON payloads.
  • [EXTERNAL_DOWNLOADS]: Installation instructions utilize npx add-skill to download the skill from the author's GitHub repository (github.com/ABCFed/claude-marketplace). This is a standard distribution method for this ecosystem.
  • [CREDENTIALS_UNSAFE]: The skill requires sensitive credentials (JENKINS_USER and JENKINS_TOKEN) to be stored in environment variables. While this is standard for Jenkins automation, these credentials grant access to the CI/CD environment and should be handled with caution.
  • [DATA_EXFILTRATION]: The skill transmits build parameters and authentication tokens to the remote Jenkins server at ci.abczs.cn. This network communication is essential for the skill's functionality.
  • [PROMPT_INJECTION]: The skill processes untrusted input from Git metadata (branch names, tags) and user-provided JSON strings for build parameters. It does not document any explicit sanitization of these inputs, which are a common attack surface for indirect prompt injection: a malicious branch name could attempt to influence script behavior.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 19, 2026, 08:48 AM