Bytesagain Ci Cd Pipeline

Security checks across malware telemetry and agentic risk

Overview

This is a CI/CD template generator that uses a local shell script to print workflow examples; its deployment and secret references are expected for that purpose.

Safe to install as a template generator. Before using generated workflows, review deploy and publish steps, restrict CI secrets to least privilege, add protected environments or manual approvals for production, and confirm branch/tag triggers match your release process.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 84% confidence
Finding: The skill advertises generation of CI/CD configurations and explicitly requires bash and python3, while the analyzer detected shell and environment capabilities but no declared permissions. In an agent setting, undeclared execution-related capabilities can cause the skill to operate with more power than users or the platform expect, especially because CI/CD workflows commonly involve secrets, deployment tokens, and infrastructure commands.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal