Skills
skills/sultanfarizbythen/skills/be-jenkins-deploy/Gen Agent Trust Hub

be-jenkins-deploy

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute platform-specific shell commands (PowerShell, osascript, and notify-send) to display notifications. These commands directly interpolate external variables such as branch names and job names without prior validation or escaping.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its handling of data from external systems.
  • Ingestion points: The skill reads branch information from GitHub PRs via the gh CLI and build status information from Jenkins job responses.
  • Boundary markers: No boundary markers or isolation techniques are employed to separate these external strings from the command logic.
  • Capability inventory: The skill has the capability to perform shell executions on the host system to provide desktop notifications.
  • Sanitization: There is no evidence of sanitization, filtering, or escaping for variables like <branch>, <job>, or <RESULT> before they are passed to the shell environment.
Audit Metadata
Risk Level
SAFE
Analyzed
May 10, 2026, 07:47 AM