The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it retrieves and processes untrusted data from Jenkins sources.
Ingestion points: Build logs retrieved via getBuildLog and searchBuildLog, and SCM commit messages from getBuildChangeSets (SKILL.md).
Boundary markers: Absent; there are no instructions to use delimiters or headers to prevent the agent from following instructions found within the processed data.
Capability inventory: The agent has the ability to trigger builds (triggerBuild) and update build metadata (updateBuild) as defined in SKILL.md.
Sanitization: Absent; no sanitization or validation of external content is specified before it is presented to the agent context.
[COMMAND_EXECUTION]: The skill provides tools like triggerBuild that allow for the remote execution of predefined CI/CD pipelines. While the skill mandates human-in-the-loop confirmation for these actions, this remains a significant capability that could be targeted.
[DATA_EXFILTRATION]: The skill accesses and retrieves potentially sensitive information from the Jenkins environment, including SCM configuration details via getJobScm and detailed build logs via getBuildLog. This could lead to the exposure of credentials, environment variables, or proprietary source code details if the agent is misdirected.

jenkins-cicd