jenkins-ci

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt contains multiple examples that embed credentials in commands and config (exporting tokens used directly in CLI/API calls, a JSON payload with "password": "pass", and a mcp.json with JENKINS_API_TOKEN), which encourages the agent to include secret values verbatim in generated commands/configs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflows explicitly create and run pipelines that checkout and execute code from public GitHub repositories (see job-config.xml with https://github.com/org/repo.git, the Jenkinsfile use of "checkout scm", and the multibranch GitHubSCMSource), and the MCP tools (trigger builds, get console output, get job config) cause the agent to act on and be influenced by that untrusted, user-generated third-party content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The job configuration references and will checkout the Git repository at runtime (https://github.com/org/repo.git), and that fetched repository content (the Jenkinsfile) directly controls and executes the pipeline, so this external URL is a required runtime dependency that can control execution.