jenkins-exploit

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs retrieving/staging credentials, SSH keys and other secrets via vulnerable endpoints and references full exploit scripts/payloads, meaning an agent using it would need to exfiltrate and output secret values verbatim.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The skill content is an explicit exploit toolkit that provides unauthenticated arbitrary file‑read and RCE exploits, reverse‑shell and backdoor payloads, credential/secret exfiltration techniques, WebSocket-origin hijacking instructions, and even a supply‑chain (@Grab) vector — clearly intended to enable unauthorized system compromise and data theft.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's detection and exploit workflows (notably the check_jenkins scanner in references/post-auth-and-detection.md and the CVE exploit scripts in references/cve-exploits.md) make HTTP/WebSocket requests to arbitrary Jenkins endpoints (/login, /cli?remoting=false, /script, /scriptText, /securityRealm/... etc.), parse those remote responses, and base subsequent exploit decisions/actions on that untrusted third‑party content, so it clearly ingests and acts on external user-generated/web content.