buildkite-preflight
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill processes external content by reading build logs and test failure summaries, creating a surface for indirect prompt injection. * Ingestion points: Reads output from 'bk preflight' and job logs via 'bk job log'. * Boundary markers: The instructions do not specify delimiters or safety warnings for the agent when parsing these external logs. * Capability inventory: The agent can execute 'bk' and 'jq' commands and perform git operations. * Sanitization: No explicit sanitization or filtering of external content is mentioned before the data is processed.
- [COMMAND_EXECUTION]: The skill relies on local execution of the 'bk' CLI tool and 'jq' for workflow automation and data processing as part of its primary function.
- [DATA_EXFILTRATION]: The preflight process snapshots and pushes the local working tree, including untracked files, to a remote branch on the repository's origin. This could lead to the unintended exposure of sensitive local files if they are not explicitly excluded via .gitignore.
Audit Metadata