using-bitrise-ci
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: All external links and repository references point to official Bitrise domains (bitrise.io) and GitHub organizations (bitrise-io, bitrise-steplib). This includes the MCP server, CLI releases, and documentation.
- [SAFE]: The skill explicitly includes security best practices for secret management, such as advising against committing secrets to version control and recommending the use of encrypted secret environment variables.
- [COMMAND_EXECUTION]: The skill documents the use of the Bitrise CLI for tasks like configuration validation and local workflow execution. These are standard developer operations within the Bitrise ecosystem.
- [DATA_EXPOSURE]: The skill provides instructions on how to authenticate with the Bitrise API and MCP server using access tokens. It correctly identifies the required headers and emphasizes the need for secure storage of these credentials.
- [INDIRECT_PROMPT_INJECTION]: The skill involves processing CI configuration files (
bitrise.yml) and build logs. It mitigates potential risks by mandating a validation workflow using the Bitrise CLI or API before proceeding with any configuration changes.
Audit Metadata