jenkins-rest-ops

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). The runtime workflow ingests Jenkins-authored free text from the target Jenkins instance—especially via scripts/console-log.sh (GET $base_url/job/<job>/<build>/consoleText) and also queue/build JSON fields like .why in scripts/poll-queue-item.sh—which can contain arbitrary attacker-controlled strings (e.g., from build steps) and thus can be used for indirect prompt injection into the agent’s LLM context.