Security Audit
circleci-automation
github.com/sickn33/antigravity-awesome-skillsTrust Assessment
circleci-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Potential exposure of sensitive CircleCI data via tool access.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Potential exposure of sensitive CircleCI data via tool access The skill describes tools that can access potentially sensitive information from CircleCI projects. Specifically, `CIRCLECI_GET_PIPELINE_CONFIG` can retrieve pipeline configurations which may contain secrets or sensitive environment variables if not properly managed within CircleCI. `CIRCLECI_GET_JOB_ARTIFACTS` can provide access to build artifacts, which might include sensitive code, logs, or other outputs. `CIRCLECI_GET_TEST_METADATA` could expose sensitive test results. A malicious or careless prompt could instruct the LLM to retrieve and expose this data, leading to unauthorized data disclosure. Implement strict access controls and user confirmation prompts within the LLM's execution flow before retrieving or displaying potentially sensitive CircleCI data (e.g., pipeline configurations, job artifacts). Ensure that the underlying Rube MCP connection to CircleCI operates with the principle of least privilege, granting only necessary permissions. | LLM | SKILL.md:65 |
Scan History
Embed Code
[](https://skillshield.io/report/b33535801da36cb8)
Powered by SkillShield