hunt-cicd
Fail
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides instructions to download and execute jenkins-cli.jar from an untrusted target URL (https://$TARGET/jnlpJars/jenkins-cli.jar).
- [REMOTE_CODE_EXECUTION]: It includes Groovy scripts intended for execution via the Jenkins Script Console, allowing for arbitrary code execution and credential dumping on the target server.
- [DATA_EXFILTRATION]: Detailed instructions and shell commands are provided for exfiltrating sensitive environment variables and tokens (e.g., GITHUB_TOKEN, IAM security credentials) to external listener URLs (e.g., Burp Collaborator or custom endpoints).
- [COMMAND_EXECUTION]: The skill utilizes complex shell piping and command substitution (e.g., printenv | base64 | curl) which are used to execute attacker-controlled payloads in CI/CD environments.
- [COMMAND_EXECUTION]: It performs unauthorized access to sensitive file paths such as /etc/passwd, secret.key, and credentials.xml via exploitation of Jenkins CLI vulnerabilities (CVE-2024-23897).
- [EXTERNAL_DOWNLOADS]: The skill dynamically fetches external binary tools (jenkins-cli.jar) and installs third-party software packages (zizmor, actionlint) during execution.
Recommendations
- AI detected serious security threats
Audit Metadata