skills/cline/skills/teamcity-cli/Gen Agent Trust Hub

teamcity-cli

Warn

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides commands such as teamcity agent exec and teamcity agent term that allow for arbitrary command execution and interactive shell access on remote TeamCity build agents. The teamcity api command also enables raw REST API access to the server.
  • [CREDENTIALS_UNSAFE]: The teamcity auth login command supports an --insecure-storage flag that stores sensitive access tokens in plain text on the filesystem. Additionally, teamcity project token get allows the agent to retrieve secrets from the TeamCity server.
  • [PROMPT_INJECTION]: The babysit-build agent presents an indirect prompt injection surface as it is designed to autonomously diagnose and fix build failures by reading build logs and test results. It is instructed to apply repository fixes immediately without confirmation, potentially allowing malicious log content to influence code modifications.
      • Ingestion points: Build logs (teamcity run log) and test results (teamcity run tests).
      • Boundary markers: None present to distinguish untrusted log data from agent instructions.
      • Capability inventory: Autonomous file system modifications and pipeline configuration updates.
      • Sanitization: No evidence of validation or filtering for data ingested from build outputs.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Jun 19, 2026, 12:28 PM